Hacker News
Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign
Security researchers have uncovered a malicious package on the npm registry that impersonates the official Bitwarden command-line interface. This compromised package is part of a broader supply chain attack designed to exfiltrate credentials and other sensitive information from developers' environments.
MY TAKE
Supply chain attacks continue to be a massive threat in the software ecosystem. This incident is a stark reminder to always verify package names and publishers, and to use lockfiles to ensure dependency integrity, especially for tools that manage credentials.
security, supply chain, npm, bitwarden
"Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign" from Hacker News (https://socket.dev/blog/bitwarden-cli-compromised) [Thu, 23 Apr 2026 14:17:08 +0000]