The Bitwarden security team identified and contained a malicious package that was briefly distributed through the npm delivery path for @bitwarden/cli@2026.4.0 between 5:57 PM and 7:30 PM (ET) on April 22, 2026, in connection with a broader Checkmarx supply chain incident. Was I affected? If you use the Bitwarden command line interface and deploy using NPM, and downloaded the CLI between 5:57p ET and 7:30p ET on April 22, 2026, you may be affected. See remediation steps below. If you do not u...
Yes, that is exactly how the axios supply chain attack worked… It ran post install script (on dependency) that downloaded malware, ran it and even cleaned it up. Everything on that machine was compromised…
It can be any dependency of dependency too, deep down in the tree…
Hmm. I was going to say that it sounds bonkers what it can run just any script, but at the same time, is it any different from downloading and executhing a binary file?
Yes, that is exactly how the axios supply chain attack worked… It ran post install script (on dependency) that downloaded malware, ran it and even cleaned it up. Everything on that machine was compromised… It can be any dependency of dependency too, deep down in the tree…
Hmm. I was going to say that it sounds bonkers what it can run just any script, but at the same time, is it any different from downloading and executhing a binary file?