The TeamPCP supply chain campaign compromised the Nx Console VS Code extension (v18.95.0) via a poisoned TanStack npm dependency, harvesting GitHub CLI credentials from a GitHub employee’s workstation and gaining unauthorized access to approximately 3,800 internal GitHub repositories. No CVE has been assigned. Attribution to TeamPCP and attack details are sourced from T3 threat intelligence; official GitHub and CISA statements were not available at publication. Organizations with developers using Nx Console v18.95.0 or TanStack packages installed during the exposure window require immediate credential rotation and extension audit.
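For the extension audit, the following added example (not code from the advisory, GitHub or the Nx project) checks on-disk extension folders for the affected Nx Console version. It assumes the Marketplace ID `nrwl.angular-console`, the usual `<publisher>.<name>-<version>` folder naming, and the default extension directories listed in the script; none of these come from the advisory.

```sh
#!/bin/sh
# Added example: flag on-disk installs of the Nx Console version named above.
# Assumptions (not from the advisory): Marketplace ID nrwl.angular-console,
# folders named <publisher>.<name>-<version>[-<platform>], default paths below.

AFFECTED_ID="nrwl.angular-console"   # assumed extension ID
AFFECTED_VERSION="18.95.0"           # version stated in the advisory

# Print every extension folder under the given roots that matches the
# affected ID and exact version. Returns 0 if any was found, 1 otherwise.
find_affected_nx_console() {
  _found=1
  for _root in "$@"; do
    [ -d "$_root" ] || continue          # skip editors that are not installed
    for _dir in "$_root"/*/; do
      [ -d "$_dir" ] || continue         # unmatched glob stays literal
      # Lowercase the folder name so the comparison is case-insensitive.
      _base=$(basename "$_dir" | tr '[:upper:]' '[:lower:]')
      case "$_base" in
        "${AFFECTED_ID}-${AFFECTED_VERSION}"|"${AFFECTED_ID}-${AFFECTED_VERSION}"-*)
          printf '%s\n' "${_dir%/}"
          _found=0
          ;;
      esac
    done
  done
  return "$_found"
}

# Run as: sh audit-nx-console.sh --scan   (hypothetical file name)
if [ "${1:-}" = "--scan" ]; then
  if find_affected_nx_console \
      "$HOME/.vscode/extensions" \
      "$HOME/.vscode-insiders/extensions" \
      "$HOME/.vscode-server/extensions" \
      "$HOME/.cursor/extensions"; then
    echo "Affected Nx Console version present: remove it and rotate credentials" >&2
    exit 2
  fi
  echo "No install of ${AFFECTED_ID} ${AFFECTED_VERSION} found"
fi
```

A clean result only means the folder is not present now; a workstation that ran the affected version earlier still needs its credentials rotated.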