Intelligence

Severity: Critical | Category: Supply Chain | Status: Contained

NPM supply-chain compromise: Bitwarden CLI trojanised to harvest developer credentials at scale

Attackers uploaded a malicious @bitwarden/cli package to npm that stole developer credentials and could propagate to downstream projects. The compromise was discovered and remediated rapidly, but represents a successful attack on a trusted security tool distribution channel.

Sebastion

Affected: Bitwarden CLI, npm ecosystem, developers using @bitwarden/cli

Attackers gained unauthorised access to the Bitwarden CLI npm package registry entry and published a trojanised version containing credential-stealing code. The malicious payload was designed to extract secrets from developer environments, including authentication tokens, API keys, and other sensitive material. This represents a direct compromise of the package distribution mechanism rather than a vulnerability in the code itself.

The attack demonstrates mature operational security on the attacker's part. By targeting a security-focused tool (a password manager CLI), they selected a package with high trust equity among developers and system administrators. The credential harvester would execute during installation or initial use, meaning every developer who ran the compromised version became a potential victim and vector for further compromise. The capability to propagate to other projects suggests the payload could exfiltrate secrets that would allow lateral movement or supply-chain expansion.

Bitwarden's rapid detection and response likely prevented major downstream impact, but the incident reveals critical gaps in npm's security model. npm does not cryptographically enforce publisher identity; publishing rests on token-based authentication, which is susceptible to account compromise, phishing, or insider threats. No announcement mechanism exists to notify every user who installed a specific version that it has been compromised. Developers who installed the malicious version during the active window have no systematic way to know they were affected.

Organisations using Bitwarden CLI in CI/CD pipelines, deployment automation, or secret management workflows faced the highest risk. Any environment where the compromised package was executed could have leaked credentials used by that system, potentially giving attackers persistent access to infrastructure or other upstream systems. This cascading risk is the defining characteristic of supply-chain attacks on developer tooling.

Defenders should treat this as a forcing function to audit npm package lock files and dependency trees for the affected version range, rotate any credentials that could have been present in environments where the malicious CLI ran, and implement stricter controls around package installation in secure contexts. The broader lesson is that package manager security depends on detection speed and atomic revocation ability, neither of which npm currently guarantees at scale.
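The first remediation step above, auditing lock files for installs of the package within the affected range, is mechanical enough to script. The following is an added example, not code from the brief or from Bitwarden: it walks an npm `package-lock.json` in either the nested lockfileVersion 1 layout or the path-keyed lockfileVersion 2/3 layout, reports every install of `@bitwarden/cli` (including copies nested under other dependencies), and flags those whose version falls inside a given inclusive range. The brief does not state the affected version range, so the bounds used here and the sample lock file are constructed placeholders to be replaced with the values from Bitwarden's advisory.

```python
"""Audit npm lock files for installs of a package within a version range.

Added example for the remediation guidance in the brief; the package name
comes from the brief, but the version bounds and the sample lock file below
are constructed placeholders, not values from any advisory.
"""
import json
import re
from typing import Iterator, Optional

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[tuple]:
    """Return (major, minor, patch) for a semver string, or None if it has no numeric core.

    Pre-release and build suffixes (e.g. "-beta.1") are ignored for the comparison.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    return tuple(int(x) for x in m.groups())


def in_range(version: str, lo: str, hi: str) -> Optional[bool]:
    """Inclusive range test on the numeric core; None when the version cannot be parsed
    (git URLs, file: specifiers and similar need a manual look)."""
    v = parse_version(version)
    if v is None:
        return None
    return parse_version(lo) <= v <= parse_version(hi)


def iter_installed(lock: dict) -> Iterator[tuple]:
    """Yield (name, install_path, entry) for every package recorded in the lock file.

    lockfileVersion 2 and 3 list every install under "packages" keyed by its
    node_modules path; lockfileVersion 1 nests them under "dependencies".
    """
    packages = lock.get("packages")
    if packages is not None:
        for path, entry in packages.items():
            if not path:  # "" is the root project itself, not a dependency
                continue
            # The package name is whatever follows the last "node_modules/" segment
            name = path.rsplit("node_modules/", 1)[-1]
            yield name, path, entry
        return

    def walk(deps: dict, prefix: str) -> Iterator[tuple]:
        for name, entry in deps.items():
            path = f"{prefix}node_modules/{name}"
            yield name, path, entry
            yield from walk(entry.get("dependencies", {}), path + "/")

    yield from walk(lock.get("dependencies", {}), "")


def find_affected(lock: dict, package: str, lo: str, hi: str) -> list:
    """Report every install of `package`, flagging those whose version is in [lo, hi]."""
    findings = []
    for name, path, entry in iter_installed(lock):
        if name != package:
            continue
        version = entry.get("version", "")
        findings.append({
            "path": path,
            "version": version,
            # Keep the recorded tarball hash: if a known-bad integrity value is
            # published, it is the most reliable thing to compare against.
            "integrity": entry.get("integrity"),
            "affected": in_range(version, lo, hi),
        })
    return findings


def audit_file(lock_path: str, package: str, lo: str, hi: str) -> list:
    """Convenience wrapper: load a lock file from disk and audit it."""
    with open(lock_path, encoding="utf-8") as fh:
        return find_affected(json.load(fh), package, lo, hi)


# Constructed sample lock file (lockfileVersion 3); versions and hash are placeholders.
SAMPLE_LOCK = json.loads("""
{
  "name": "example-pipeline",
  "lockfileVersion": 3,
  "packages": {
    "": {"name": "example-pipeline", "version": "0.1.0"},
    "node_modules/@bitwarden/cli": {
      "version": "1.2.3",
      "resolved": "https://registry.npmjs.org/@bitwarden/cli/-/cli-1.2.3.tgz",
      "integrity": "sha512-PLACEHOLDER"
    },
    "node_modules/left-pad": {"version": "1.3.0"},
    "node_modules/some-tool/node_modules/@bitwarden/cli": {"version": "1.1.0"}
  }
}
""")

if __name__ == "__main__":
    # Placeholder range; substitute the bounds from the vendor advisory.
    for f in find_affected(SAMPLE_LOCK, "@bitwarden/cli", "1.2.0", "1.2.9"):
        status = "AFFECTED" if f["affected"] else ("ok" if f["affected"] is False else "unparseable")
        print(f"{status:12} {f['path']}  {f['version']}")
```

Run it against each repository's committed `package-lock.json` (and any lock files inside CI images), not just the top-level project: a nested copy pulled in by another tool is still executed at install time and is the case the path-based walk exists to catch. Any machine where a flagged install ran should then go on the credential-rotation list the brief describes.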