
Research
/Security News
jscrambler npm Package Compromised in Supply Chain Attack
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
@nexus_js/create-nexus
Advanced tools
Create a new Nexus app — npm create @nexus_js/nexus (scoped; avoids unscoped name conflicts on npm)
Official project scaffold for Nexus. Published under the @nexus_js scope so you can publish without fighting for the global name create-nexus on npm.
npm maps npm create @scope/name to the package @scope/create-name:
npm create @nexus_js/nexus@latest
pnpm create @nexus_js/nexus
yarn create @nexus_js/nexus
bunx @nexus_js/create-nexus@latest
With a folder name:
npm create @nexus_js/nexus@latest my-app
Running create without --yes starts a short wizard (similar to Next.js / Nuxt):
my-nexus-app, or the name you passed as the first argument).-t / --template).If the target folder already exists, the CLI exits with an error (no overwrite).
Use --yes (or -y, --defaults) to skip all prompts:
my-nexus-app.--template, or full by default.npm create @nexus_js/nexus@latest -- --yes
npx @nexus_js/create-nexus@latest ci-app --yes --template minimal
| Template | Flag | What you get |
|---|---|---|
| Minimal | --template minimal or -t minimal | One landing +page.nx, simple +layout.nx, no i18n, no example blog or /islands route — closest to a blank slate. |
| Full | --template full or -t full (default when non-interactive) | i18n (en/es/pt), islands presentation page, blog examples. |
npm create @nexus_js/nexus@latest my-app -- --template minimal
npx @nexus_js/create-nexus@latest my-app -t full
Direct binary (same as above):
npx @nexus_js/create-nexus@latest my-app
Then:
cd my-app
npm install # or: pnpm install / yarn / bun install
npm run dev # or: pnpm dev / yarn dev / bun run dev
The implementation lives in @nexus_js/cli; this package only wires the create entrypoint.
MIT © Nexus contributors
FAQs
Create a new Nexus app — npm create @nexus_js/nexus (scoped; avoids unscoped name conflicts on npm)
The npm package @nexus_js/create-nexus receives a total of 35 weekly downloads. As such, @nexus_js/create-nexus popularity was classified as not popular.
We found that @nexus_js/create-nexus demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.