The Bitwarden security team identified and contained a malicious package that was briefly distributed through the npm delivery path for @bitwarden/cli@2026.4.0 between 5:57 PM and 7:30 PM (ET) on April 22, 2026, in connection with a broader Checkmarx supply chain incident. Was I affected? If you use the Bitwarden command line interface and deploy using NPM, and downloaded the CLI between 5:57p ET and 7:30p ET on April 22, 2026, you may be affected. See remediation steps below. If you do not u...
If you can’t comprehend how site impersonation and search result manipulation aren’t relevant to the actual software vendor getting popped then you have zero comprehension of an actual kill chain.
But sure a package manager is totally safer because you made up an irrelevant scenario!
Nice you went back and checked with how little you cared lol
If you don’t see calling someone ignorant as an insult then I wish you well in a pub talking to a stranger.
I had a chuckle when I saw NPM yet again because it was one of the examples I used that you failed to address despite totally winning that discussion.
Hopefully manufacturing irrelevant scenarios works out for you in your career.
I absolutely believe you forgot your what, 5 or 6 comments arguing about this, goldfish much?
I’m pretty sure I noted your demonstated lack of reading comprehension, not ignorance. Doesn’t seem to have improved in the last 2 weeks.
That’s ironic.
If you can’t comprehend how site impersonation and search result manipulation aren’t relevant to the actual software vendor getting popped then you have zero comprehension of an actual kill chain.
But sure a package manager is totally safer because you made up an irrelevant scenario!
Nice you went back and checked with how little you cared lol