Dossier
spread to other projects
Coverage of spread to other projects in the Nexus archive.
- Bitwarden CLI npm package compromised to steal developer credentials
The Bitwarden CLI was compromised when attackers uploaded a malicious @bitwarden/cli package to npm, containing a credential-stealing payload designed to spread to other projects. The incident highlights vulnerabilities in package registries and the risks of supply chain attacks.