Free. Half-day. Online. June 23. AI ❤️ Monorepos Conf 2026 is here — talks from Kent C. Dodds, Jack Herrington, John Lindquist, Kiet Ho, Nicolas Beaussart, Brandon Roberts, and more. Plus: a live product launch you won't want to miss. Reserve your free ticket → monorepo.tools/conf

Dopey and I want to talk to you about Atomic Commits and polyrepos.

We're excited to have you join @kentcdodds!

Big thanks to my fellow Italian 🇮🇹 @giorgio_boa for: - creating Vite Module Federation in the first place 🤩 - putting together this Nx Vite MF example 🚀 🙇‍♂️ Give Giorgo a follow!! nx.dev/docs/technologies/mod…

Join us June 23rd for AI 💛 Monorepos Conf!

Angular v22 is now available 🥳 Here is a quick look at what's landing today: ✅ Signal Forms, Angular Aria & resource are officially STABLE ✅ OnPush change detection is now the default ✅ Template updates and more Read the full breakdown on the blog: 📰 goo.gle/angular-v22-blog Which of these updates is your favorite?

I use both dimensions as a starting point aligning with Nx best practices. While both have their value, for me, the scope/domain dimension is more important as it breaks the entire system in several decoupled pieces -> less cognitive load -> better maintainability -> more local changes, etc.

Multi-version support compliance is coming to @NxDevTools v23, which means we will be able to plan atomic migrations of dependencies without a big-bang refactor when upgrading Nx. It's a major improvement as these upgrades can be tedious on some large workspaces.

We've been working on something new and exciting for the past 6 months. The more progress we made, the more agent-related problems it solved. E.g., saw this in my feed the other day and thought: we sort of solved this one too. youtube.com/watch?v=y8OnoxKo…

Your build system's dashboards need to be as snappy as its terminal interface, don't you think?

Today we officially deprecated 4 packages that facilitated remote caching with Nx and different cloud providers: nx/s3-cache, nx/gcs-cache, nx/azure-cache and nx/shared-fs-cache. This is a proactive move to discourage a known attack vector in recent supply chain attacks: cache poisoning. This isn't related to Nx Cloud's remote caching which has built-in protection against poisoning. These plugins were used by teams who couldn't use Nx Cloud but wanted the speed benefits of distributed task caching. We published a CVE (CREEP CVE-2025-36852) last year against these packages to make it clear that they shouldn't be used for serious projects because of the inherent design flaw. But we still see the plugins used in irresponsible ways. Cyber attacks are ramping up, and are only going to get more effective as the tools the attackers use become more powerful. We're no longer compromising by providing tools that we know most users are using irresponsibly. The notice linked in the next tweet gives more details and recommendations.

We've published the full, detailed postmortem of the Nx Console compromise from Monday May 18th: nx.dev/blog/nx-console-v18-9…

GitHub’s report today confirms that the compromised Nx Console extension was used as the initial access vector in this attack. This is a difficult thing to read as the CEO of Nx, and I want to be direct about it: we take responsibility for the role our software played in this incident. I’m grateful to the GitHub, Microsoft, and independent security teams that moved quickly to investigate, contain, and share information publicly. This incident highlights that there need to be deeper, more fundamental changes to how we and other maintainers need to think about securing developer tooling and open source distribution. We are already making major changes to our publishing, automation, and extension security posture, and we’ll continue sharing those changes publicly as we implement them. We’re also beginning conversations with other high-profile open source maintainers about how we can work together on some of the deeper structural problems around software supply chain security. A lot of the assumptions the ecosystem has operated under for years no longer hold. Our focus right now is supporting affected users, hardening Nx, and helping push the broader ecosystem toward stronger supply chain security practices. Updates and guidance: github.com/nrwl/nx-console/s…

We’re continuing to work with Microsoft and GitHub to investigate the impact of the malicious Nx Console version 18.95.0. I'll share any updates on X (@jeffbcross and @NxDevTools) as well as in our security advisory: github.com/nrwl/nx-console/s…. Initially, Microsoft indicated to us that there were 28 installs of the malicious version 18.95.0. Based on our own analytics for the compromised version, we currently believe the number of users who received the malicious package may be significantly higher; potentially over 6k installs. We’ll keep working to determine the actual impact and exposure, and I don’t want to speculate beyond the facts we have right now. But I also don’t want to minimize the situation. This is my top priority right now. Our team has been, and continues to be focused on understanding exactly what happened, helping affected users, hardening our systems and release processes, and being as transparent as possible throughout the investigation.