Bitwarden's CLI npm package was compromised in a Checkmarx-linked supply chain attack. Malicious code was found in an npm package version, but no user data seems to have been accessed. Other Bitwarden products remain unaffected.
Can npm just disable the post install script feature at this point, jfc, or put a ton of hurdles to jump over in order to use it, just to make sure that this is always 100% meant to be there?