The Bitwarden security team identified and contained a malicious package that was briefly distributed through the npm delivery path for @bitwarden/cli@2026.4.0 between 5:57 PM and 7:30 PM (ET) on April 22, 2026, in connection with a broader Checkmarx supply chain incident. Was I affected? If you use the Bitwarden command line interface and deploy using NPM, and downloaded the CLI between 5:57p ET and 7:30p ET on April 22, 2026, you may be affected. See remediation steps below. If you do not u...
It’s not, it’s a problem of every package manager that do not use sources and checksums, like rust and python.
Take a look at this article that does a better job then me at explaining the situation.
It’s not, it’s a problem of every package manager that do not use sources and checksums, like rust and python. Take a look at this article that does a better job then me at explaining the situation.
Lmfao