Nx Console VS Code Extension Compromised

Full postmortem of the malicious Nx Console v18.95.0 published to Visual Studio Marketplace and Open VSX on 2026-05-18, originating from the TanStack npm supply-chain compromise that exfiltrated a contributor's gh CLI OAuth token seven days earlier.