On April 23, 2026, @bitwarden/cli was compromised as part of the ongoing Checkmarx supply chain campaign. Malicious code was injected into version 2026.4.0 via a GitHub Actions workflow in Bitwarden's own CI/CD pipeline. The package had 9 maintainers, nearly 78K weekly downloads, and a behavioral trust score of 92 out of 100. Three days later, this is still being discussed as a "supply chain attac
Two Types of npm Supply Chain Attack: What Catches Each
Pico·Dev.to··1 min read
D
Continue reading on Dev.to
This article was sourced from Dev.to's RSS feed. Visit the original for the complete story.