Bitwarden said its CLI package was briefly compromised on npm on April 22, 2026, as part of a broader supply chain campaign that affected version 2026.4.0 and exposed developer secrets through a malicious preinstall hook.
KEY FACTS
- Affected package: @bitwarden/cli version 2026.4.0
- Timing: distributed between 5:57 PM and 7:30 PM ET on April 22, 2026
- Malware behavior: stole GitHub, npm, SSH, environment and cloud secrets
- Exfiltration: data was sent to a domain mimicking Checkmarx and, if needed, to GitHub commits
The issue was described in a security disclosure by Socket, which said the malicious code was placed in bw1.js and reached users through the npm package contents. JFrog said the rogue release also targeted developer secrets and AI coding tool settings, including Claude, Cursor, Codex CLI and Aider.
The attack used a preinstall hook to run automatically when the package was installed. According to the report, the stolen data was encrypted with AES-256-GCM before being sent to audit.checkmarx.cx, with a GitHub repository used as a fallback exfiltration path.
If GitHub tokens were found, the malware could use them to inject malicious Actions workflows and pull more secrets from CI/CD environments. Security researchers said the campaign appears tied to the same GitHub Actions supply chain pattern seen in other affected repositories.
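The two signals a defender can check for locally are the affected release in a lockfile and an install-time lifecycle hook in an installed package's manifest. The following is an added example written for this article; it is not code from Bitwarden, Socket or JFrog. It assumes a package-lock.json with lockfileVersion 2 or 3 (which carry a "packages" map) and a map of installed package.json files; the sample lockfile and manifests embedded at the bottom are constructed for the demonstration and are not the real package contents.

```javascript
// Known-bad versions taken from the advisory above; extend as further
// advisories arrive. (Constructed table for this example.)
const AFFECTED_VERSIONS = { "@bitwarden/cli": new Set(["2026.4.0"]) };

// npm lifecycle scripts that run during install without the user invoking
// anything explicitly. A preinstall hook is the vector described above.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall", "prepare"];

// Derive the package name from a lockfile "packages" key, e.g.
// "node_modules/foo/node_modules/@scope/bar" -> "@scope/bar".
function nameFromLockPath(lockPath) {
  const marker = "node_modules/";
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? lockPath : lockPath.slice(idx + marker.length);
}

// Scan a lockfile for any dependency whose name/version pair is on the
// known-bad list. Returns one hit per matching lockfile entry.
function findAffectedInLock(lock) {
  const hits = [];
  for (const [lockPath, meta] of Object.entries(lock.packages || {})) {
    if (lockPath === "") continue; // root project entry, not a dependency
    const name = meta.name || nameFromLockPath(lockPath);
    const bad = AFFECTED_VERSIONS[name];
    if (bad && bad.has(meta.version)) {
      hits.push({ name, version: meta.version, lockPath });
    }
  }
  return hits;
}

// List install-time hooks declared in one dependency's package.json.
// A hook alone is not proof of compromise, but a hook that runs a file
// the package did not previously ship deserves review before install.
function findInstallHooks(name, manifest) {
  const scripts = (manifest && manifest.scripts) || {};
  return INSTALL_HOOKS.filter((h) => typeof scripts[h] === "string").map((hook) => ({
    name,
    hook,
    command: scripts[hook],
  }));
}

// Combine both checks. `manifests` maps package name -> parsed package.json.
function auditProject(lock, manifests) {
  const affected = findAffectedInLock(lock);
  const hooks = [];
  for (const [name, manifest] of Object.entries(manifests)) {
    hooks.push(...findInstallHooks(name, manifest));
  }
  return { affected, hooks, clean: affected.length === 0 && hooks.length === 0 };
}

// --- constructed sample inputs (not real lockfile or manifest contents) ---
const sampleLock = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/@bitwarden/cli": { version: "2026.4.0" },
    "node_modules/left-pad": { version: "1.3.0" },
  },
};

const sampleManifests = {
  // Mirrors the disclosed pattern: a preinstall hook pointing at an added file.
  "@bitwarden/cli": {
    name: "@bitwarden/cli",
    version: "2026.4.0",
    scripts: { preinstall: "node bw1.js" },
  },
  "left-pad": { name: "left-pad", version: "1.3.0", scripts: { test: "node test.js" } },
};

// Print the report when run directly (node audit.js); harmless when imported.
if (typeof require !== "undefined" && require.main === module) {
  console.log(JSON.stringify(auditProject(sampleLock, sampleManifests), null, 2));
}
```

In a real project, read package-lock.json and each node_modules/*/package.json from disk and feed them to auditProject. Running the audit against the lockfile before installing (for example in CI, or with npm's ignore-scripts setting enabled so hooks do not run until reviewed) is what gives the check value, since the preinstall hook has already executed by the time a post-install scan sees it.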
Bitwarden said no end user vault data was accessed or at risk and that production systems were not compromised. The company said the malicious npm release was deprecated, access was revoked and remediation began after the issue was detected.
WHY IT MATTERS
The incident shows how a single compromised package can expose developer credentials and create a path into wider software delivery systems. It also underscores the risk of malicious code being distributed through trusted package channels before defenders notice.