Overview - Nx

Nx

7 days30 days

Latest CI Pipeline Executions

Fuzzy

Failed
31
75f1e087 add ngrx dependencies for workspace and convert-to-workspace schematics
1 minute ago by jschwarty
In progress
34312
f71c7e2d chore(repo): test pr version w/ iso shutdown
12 minutes ago by AgentEnder
Succeeded
757
bd615619 feat(builders): add runInBand and maxWorkers options to jest
29 minutes ago by FrozenPandaz
Succeeded
master
79d878f2 fix(core): prevent command injection in getNpmPackageVersion (#34309) ## Current Behavior The `getNpmPackageVersion` function in `packages/workspace/src/generators/utils/get-npm-package-version.ts` uses `execSync` with direct string interpolation of the `packageName` parameter. When a user runs `create-nx-workspace` with a custom `--preset` value that doesn't match a known preset, the value flows unsanitized into a shell command: ```js execSync(`npm view ${packageName}... version --json`) ``` This allows arbitrary command execution via shell metacharacters (e.g., `--preset='pkg$(malicious command)'`). ## Expected Behavior User-supplied package names are validated against a strict npm package name regex before being passed to any shell command. The function now uses `execFileSync` with an args array instead of `execSync` with string interpolation, providing defense in depth: 1. **Input validation** — rejects anything that isn't a valid npm package name 2. **Safe execution** — arguments are passed as an array so Node.js handles escaping, rather than concatenating into a raw shell string
29 minutes ago by FrozenPandaz
In progress
34293
f1ff4ed8 feat(core): add preferBatch executor option Add a `preferBatch` property to executor configuration that allows plugin authors to indicate their executor should use batch mode by default, while still allowing users to opt-out with --no-batch. Behavior: - --batch flag: batch everything - --no-batch flag: batch nothing - not specified: use each executor's preferBatch preference Enable preferBatch for gradle and maven executors since they benefit most from batch execution.
33 minutes ago by FrozenPandaz
Succeeded
master
b198606b docs(core): add rationale and intent sections to plugin isolation architecture Add "why" documentation to help developers understand the intent behind design decisions, not just the technical flows. New sections cover: - Why plugin isolation exists (memory, crashes, global state) - Design principles (Unix sockets, eager shutdown, session counting) - Phase system rationale and shutdown rules - Common pitfalls when modifying the system
33 minutes ago by AgentEnder
Succeeded
22.4.5
43a34d0b fix(core): prevent command injection in getNpmPackageVersion (#34309) ## Current Behavior The `getNpmPackageVersion` function in `packages/workspace/src/generators/utils/get-npm-package-version.ts` uses `execSync` with direct string interpolation of the `packageName` parameter. When a user runs `create-nx-workspace` with a custom `--preset` value that doesn't match a known preset, the value flows unsanitized into a shell command: ```js execSync(`npm view ${packageName}... version --json`) ``` This allows arbitrary command execution via shell metacharacters (e.g., `--preset='pkg$(malicious command)'`). ## Expected Behavior User-supplied package names are validated against a strict npm package name regex before being passed to any shell command. The function now uses `execFileSync` with an args array instead of `execSync` with string interpolation, providing defense in depth: 1. **Input validation** — rejects anything that isn't a valid npm package name 2. **Safe execution** — arguments are passed as an array so Node.js handles escaping, rather than concatenating into a raw shell string (cherry picked from commit 79d878f24041a680fa103eb1b346bab72b8e88d0)
33 minutes ago by FrozenPandaz
In progress
34205
b1f7987a chore(core): review feedback
40 minutes ago by AgentEnder
In progress
22.4.x
43a34d0b fix(core): prevent command injection in getNpmPackageVersion (#34309) ## Current Behavior The `getNpmPackageVersion` function in `packages/workspace/src/generators/utils/get-npm-package-version.ts` uses `execSync` with direct string interpolation of the `packageName` parameter. When a user runs `create-nx-workspace` with a custom `--preset` value that doesn't match a known preset, the value flows unsanitized into a shell command: ```js execSync(`npm view ${packageName}... version --json`) ``` This allows arbitrary command execution via shell metacharacters (e.g., `--preset='pkg$(malicious command)'`). ## Expected Behavior User-supplied package names are validated against a strict npm package name regex before being passed to any shell command. The function now uses `execFileSync` with an args array instead of `execSync` with string interpolation, providing defense in depth: 1. **Input validation** — rejects anything that isn't a valid npm package name 2. **Safe execution** — arguments are passed as an array so Node.js handles escaping, rather than concatenating into a raw shell string (cherry picked from commit 79d878f24041a680fa103eb1b346bab72b8e88d0)
44 minutes ago by FrozenPandaz
Succeeded
master
79d878f2 fix(core): prevent command injection in getNpmPackageVersion (#34309) ## Current Behavior The `getNpmPackageVersion` function in `packages/workspace/src/generators/utils/get-npm-package-version.ts` uses `execSync` with direct string interpolation of the `packageName` parameter. When a user runs `create-nx-workspace` with a custom `--preset` value that doesn't match a known preset, the value flows unsanitized into a shell command: ```js execSync(`npm view ${packageName}... version --json`) ``` This allows arbitrary command execution via shell metacharacters (e.g., `--preset='pkg$(malicious command)'`). ## Expected Behavior User-supplied package names are validated against a strict npm package name regex before being passed to any shell command. The function now uses `execFileSync` with an args array instead of `execSync` with string interpolation, providing defense in depth: 1. **Input validation** — rejects anything that isn't a valid npm package name 2. **Safe execution** — arguments are passed as an array so Node.js handles escaping, rather than concatenating into a raw shell string
47 minutes ago by FrozenPandaz
Succeeded
master
79d878f2 fix(core): prevent command injection in getNpmPackageVersion (#34309) ## Current Behavior The `getNpmPackageVersion` function in `packages/workspace/src/generators/utils/get-npm-package-version.ts` uses `execSync` with direct string interpolation of the `packageName` parameter. When a user runs `create-nx-workspace` with a custom `--preset` value that doesn't match a known preset, the value flows unsanitized into a shell command: ```js execSync(`npm view ${packageName}... version --json`) ``` This allows arbitrary command execution via shell metacharacters (e.g., `--preset='pkg$(malicious command)'`). ## Expected Behavior User-supplied package names are validated against a strict npm package name regex before being passed to any shell command. The function now uses `execFileSync` with an args array instead of `execSync` with string interpolation, providing defense in depth: 1. **Input validation** — rejects anything that isn't a valid npm package name 2. **Safe execution** — arguments are passed as an array so Node.js handles escaping, rather than concatenating into a raw shell string
1 hour ago by FrozenPandaz
Succeeded
34265
8a3d9828 chore(nx-dev): cleanup
1 hour ago by barbados-c...
Canceled
34265
c95fd3da chore(nx-dev): cleanup
1 hour ago by barbados-c...
Succeeded
master
b198606b docs(core): add rationale and intent sections to plugin isolation architecture Add "why" documentation to help developers understand the intent behind design decisions, not just the technical flows. New sections cover: - Why plugin isolation exists (memory, crashes, global state) - Design principles (Unix sockets, eager shutdown, session counting) - Phase system rationale and shutdown rules - Common pitfalls when modifying the system
1 hour ago by AgentEnder
Succeeded
34306
32e7c8ba fix(core): fix CNW git amend and README marker handling 1. When running create-nx-workspace with cloud enabled, the README update flow attempts to amend the initial commit. If no commit exists (due to an earlier failure or edge case), users see "fatal: You have nothing to amend" error (89 reported occurrences). 2. When users opt out of cloud, the README content between the nx-cloud markers was being completely removed instead of just stripping the marker comments. 1. The amendOrCommitReadme function now: - Checks if there are staged changes before committing - Verifies a commit exists before attempting to amend - Silently bails out if preconditions aren't met 2. When no connect URL is provided, the content between markers is preserved and only the HTML comment markers are stripped. Fixes NXC-3811 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
1 hour ago by jaysoo
Succeeded
34149
f3969dd8 docs(nx-dev): update Nx Cloud & Home features, add new components Replaced and enhanced components across Nx Cloud and Home pages.
1 hour ago by bcabanes
Failed
34149
Fix ready→
87b68f09 docs(nx-dev): update Nx Cloud & Home features, add new components Replaced and enhanced components across Nx Cloud and Home pages.
1 hour ago by bcabanes
Failed
22.4.x
0848679f fix(maven): include pom.xml and ancestor pom files as inputs for all targets (#34291) ## Current Behavior - `pom.xml` is only included as an input when a mojo uses default inputs - Mojos with specific input configurations (like `maven-compiler-plugin:compile`) don't get `pom.xml` in their inputs - Parent `pom.xml` files aren't tracked as inputs This can lead to stale cache hits when: 1. `pom.xml` changes but a mojo has specific input config 2. A parent `pom.xml` changes (affecting inherited properties, dependency versions, plugin config) ## Expected Behavior - Every target should include its own `pom.xml` as an input - Every target should include ancestor `pom.xml` files (within the workspace) as inputs - Cache should invalidate when any relevant `pom.xml` changes ## Related Issue(s) N/A - discovered during code review ## Changes - **CacheConfig.kt**: Removed `pom.xml` from `defaultInputs` (now always added explicitly) - **MojoAnalyzer.kt**: Added `workspaceRoot` parameter and logic to walk up the parent chain, adding all in-workspace ancestor `pom.xml` files as inputs - **NxProjectAnalyzerMojo.kt**: Pass `workspaceRoot` to `MojoAnalyzer` (cherry picked from commit 3f6bdc7ff7acd4bb14e18e197ef4b19d59e5a02a)
2 hours ago by FrozenPandaz
Canceled
34149
15e7d8cc chore(nx-dev): remove stale tsconfig references after project deletion Co-authored-by: bcabanes <bcabanes@users.noreply.github.com>
2 hours ago by nx-cloud[bot]
Succeeded
34311
2b2f7951 fix(core): handle EPIPE errors gracefully in daemon socket writes When a client disconnects before the daemon finishes writing a response, the EPIPE error would crash the daemon via respondWithErrorAndExit. The client would then mark the daemon as permanently disabled until nx reset. This fixes the issue by cleaning up registered sockets on error events and logging write errors gracefully instead of using console.error.
2 hours ago by FrozenPandaz