The Bitwarden security team identified and contained a malicious package that was briefly distributed through the npm delivery path for @bitwarden/cli@2026.4.0 between 5:57 PM and 7:30 PM (ET) on April 22, 2026, in connection with a broader Checkmarx supply chain incident. The investigation found no evidence that end user vault data was accessed or at risk, or that production data or production systems were compromised. Once the issue was detected, compromised access was revoked, the malicious ...
If you can’t comprehend how site impersonation and search result manipulation aren’t relevant to the actual software vendor getting popped then you have zero comprehension of an actual kill chain.
But sure a package manager is totally safer because you made up an irrelevant scenario!
Nice you went back and checked with how little you cared lol
If you don’t see calling someone ignorant as an insult then I wish you well in a pub talking to a stranger.
I had a chuckle when I saw NPM yet again because it was one of the examples I used that you failed to address despite totally winning that discussion.
Hopefully manufacturing irrelevant scenarios works out for you in your career.
I absolutely believe you forgot your what, 5 or 6 comments arguing about this, goldfish much?
I’m pretty sure I noted your demonstated lack of reading comprehension, not ignorance. Doesn’t seem to have improved in the last 2 weeks.
That’s ironic.
If you can’t comprehend how site impersonation and search result manipulation aren’t relevant to the actual software vendor getting popped then you have zero comprehension of an actual kill chain.
But sure a package manager is totally safer because you made up an irrelevant scenario!
Nice you went back and checked with how little you cared lol