Open Source 2026-04-22 · 1 day · Credential Theft, Self Propagation

Bitwarden CLI hit by Shai-Hulud

The official Bitwarden CLI npm package (@bitwarden/cli) version 2026.4.0 was compromised during the broader Checkmarx/TeamPCP supply-chain campaign after attackers abused a GitHub Actions path in Bitwarden's CI/CD pipeline.

Story

On April 22, 2026, the official command-line client for the password manager Bitwarden briefly shipped a credential stealer on npm, drawn into the same TeamPCP supply-chain campaign that researchers at Checkmarx had been tracking across the JavaScript ecosystem that week.

Bitwarden distributes its CLI as @bitwarden/cli, a tool used by developers and CI pipelines to script vault access. Version 2026.4.0 of that package, published from Bitwarden's own build pipeline, carried malicious JavaScript inside bw1.js. The affected surface is narrow: the npm package, not the Bitwarden desktop or web clients, and not customer vault data. Bitwarden said it found no evidence that end-user vaults were accessed.

The payload was a near-direct match for the Checkmarx/TeamPCP toolchain documented elsewhere in the campaign. It used the same audit.checkmarx.cx telemetry endpoint, the same string-scrambling style, and the same embedded routines for stealing GitHub Actions tokens, injecting workflows, and republishing npm packages from stolen credentials. Socket described the bw1.js loader as carrying the same npm propagation logic that drove the rest of the wave.

Because npm packages can run install-time scripts, the malware did not need a developer to launch the CLI to act. It could read GitHub Actions runner memory, scrape environment variables, lift cloud and npm credentials, and use whatever publishing rights it found to seed the next round of compromised packages.

Bitwarden pulled the release, rotated the access used to push it, and deprecated 2026.4.0 on npm. The window of exposure was short, but anyone whose CI installed @bitwarden/cli during it should treat the host as having had its environment read by an attacker operating against the broader Checkmarx campaign infrastructure.
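A lockfile check for the affected release, as an added example that is not part of the original record or of Bitwarden's tooling: it reports every path by which @bitwarden/cli 2026.4.0 is pinned, direct or transitive, in both the npm lockfile v1 layout (nested `dependencies`) and the v2/v3 layout (flat `packages`). The sample lockfiles, the `vault-sync` package, the `bw-tool` alias and version 2026.3.1 are constructed for illustration.

```javascript
// Added example: locate the compromised release in a parsed package-lock.json.
const BAD = { name: "@bitwarden/cli", version: "2026.4.0" }; // from the incident text

// "node_modules/a/node_modules/@scope/pkg" -> "@scope/pkg"
function nameFromPath(path) {
  const i = path.lastIndexOf("node_modules/");
  return i === -1 ? null : path.slice(i + "node_modules/".length);
}

// Lockfile v2/v3: flat map keyed by install path; aliased installs carry "name".
function scanPackagesMap(packages, bad, hits) {
  for (const [path, meta] of Object.entries(packages)) {
    const name = meta.name || nameFromPath(path);
    if (name === bad.name && meta.version === bad.version) hits.push(path);
  }
}

// Lockfile v1: nested tree, so walk it and keep the chain of parents.
function scanDependencyTree(deps, bad, trail, hits) {
  for (const [name, dep] of Object.entries(deps || {})) {
    const here = trail.concat(name);
    if (name === bad.name && dep.version === bad.version) hits.push(here.join(" > "));
    scanDependencyTree(dep.dependencies, bad, here, hits);
  }
}

function findAffected(lock, bad = BAD) {
  const hits = [];
  if (lock.packages) scanPackagesMap(lock.packages, bad, hits);
  else scanDependencyTree(lock.dependencies, bad, [], hits);
  return hits;
}

// Constructed sample lockfiles (not real project data).
const sampleV3 = {
  lockfileVersion: 3,
  packages: {
    "": { name: "ci-scripts", version: "1.0.0" },
    "node_modules/@bitwarden/cli": { version: "2026.3.1" },
    "node_modules/bw-tool": { name: "@bitwarden/cli", version: "2026.4.0" },
    "node_modules/vault-sync/node_modules/@bitwarden/cli": { version: "2026.4.0" },
  },
};
const sampleV1 = {
  lockfileVersion: 1,
  dependencies: { "vault-sync": { version: "0.2.0",
    dependencies: { "@bitwarden/cli": { version: "2026.4.0" } } } },
};
console.log(findAffected(sampleV3), findAffected(sampleV1));
```

Pass `findAffected` the result of `JSON.parse` on a repository's `package-lock.json`. An empty result only shows the lockfile does not pin the release; installs made without a lockfile have to be checked from CI install logs instead.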

Affected Artifacts

Incident Context

Motive: Credential Theft
Attribution: Group
Cause: CI/CD Exploit
Transitive: Yes
Actor: TeamPCP

External References

Source record: oss/attacks/bitwarden-cli/meta.yaml