The Bitwarden security team identified and contained a malicious package that was briefly distributed through the npm delivery path for @bitwarden/cli@2026.4.0 between 5:57 PM and 7:30 PM (ET) on April 22, 2026, in connection with a broader Checkmarx supply chain incident. Was I affected? If you use the Bitwarden command line interface and deploy using NPM, and downloaded the CLI between 5:57p ET and 7:30p ET on April 22, 2026, you may be affected. See remediation steps below. If you do not u...
Thanks for the link. There have been a few people in this thread making this point, and I was considering asking them to elaborate so that I can gauge what my risk is from using pip for python. I appreciate you providing a resource so I can go learn more about this
Thanks for the link. There have been a few people in this thread making this point, and I was considering asking them to elaborate so that I can gauge what my risk is from using pip for python. I appreciate you providing a resource so I can go learn more about this