Cline CLI unauthorized npm publish installs openclaw
An unauthorized party used an exposed npm publish token to publish cline@2.3.0. The tarball was byte-identical to cline@2.2.3 except for its package.json, which gained a postinstall lifecycle script that globally installed the unrelated openclaw package. Cline reported no malicious code delivery, no access to user data, no compromise of the source repository, and no compromise of the VS Code, OpenVSX or JetBrains extensions. The exposed token traced back to a vulnerable AI-powered issue-triage workflow that had already been removed from the repository, but the npm publish token it had used was never revoked. Maintainers deprecated 2.3.0, published a clean 2.4.0, and revoked the token.
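The detection cue in this incident is that the rogue release changed nothing in the shipped files; only package.json gained an install hook. The following added example (written for this page, not Cline's code or tooling) builds two constructed npm-style tarballs in memory, a clean release and a republish that differs only by a postinstall hook, hashes every member of each, and flags the pair as suspicious when the sole changed file is package.json and a lifecycle script was added. The package contents, file names and the exact postinstall command are constructed stand-ins.

```python
"""Flag a "quiet" npm republish: identical files, new lifecycle hook.

Added example, not part of the original page or of the cline project.
The two tarballs below are constructed in memory to mimic `npm pack`
output (members under a package/ prefix); they are not the real artifacts.
"""
import hashlib
import io
import json
import tarfile

# Hooks npm runs automatically during `npm install` of a dependency.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")


def build_tarball(files: dict) -> bytes:
    """Pack {relative_path: bytes} into a gzip tarball laid out like `npm pack`."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, data in sorted(files.items()):
            info = tarfile.TarInfo(name=f"package/{path}")
            info.size = len(data)
            info.mtime = 0  # fixed so the clean tarball is reproducible
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def digest_members(tarball: bytes) -> dict:
    """Map each regular file in the tarball to its SHA-256 hex digest."""
    digests = {}
    with tarfile.open(fileobj=io.BytesIO(tarball), mode="r:gz") as tar:
        for member in tar.getmembers():
            if member.isfile():
                data = tar.extractfile(member).read()
                digests[member.name] = hashlib.sha256(data).hexdigest()
    return digests


def read_scripts(tarball: bytes) -> dict:
    """Return the "scripts" table from the tarball's package.json."""
    with tarfile.open(fileobj=io.BytesIO(tarball), mode="r:gz") as tar:
        manifest = json.loads(tar.extractfile("package/package.json").read())
    return manifest.get("scripts", {})


def compare_releases(old: bytes, new: bytes) -> dict:
    """Diff two release tarballs and flag a hook-only republish.

    suspicious == True when the only member whose bytes changed is
    package.json, no files were added or removed, and package.json now
    carries a lifecycle hook that the previous release did not.
    """
    old_files, new_files = digest_members(old), digest_members(new)
    old_scripts, new_scripts = read_scripts(old), read_scripts(new)
    changed = sorted(p for p in old_files.keys() & new_files.keys()
                     if old_files[p] != new_files[p])
    added = sorted(new_files.keys() - old_files.keys())
    removed = sorted(old_files.keys() - new_files.keys())
    new_hooks = {k: v for k, v in new_scripts.items()
                 if k in LIFECYCLE_HOOKS and old_scripts.get(k) != v}
    return {
        "changed": changed,
        "added": added,
        "removed": removed,
        "new_lifecycle_hooks": new_hooks,
        "suspicious": bool(new_hooks)
        and changed == ["package/package.json"]
        and not added and not removed,
    }


# --- constructed sample input (stand-in for cline@2.2.3 and cline@2.3.0) ---
CLI_SOURCE = b"#!/usr/bin/env node\nconsole.log('cli');\n"

CLEAN_TARBALL = build_tarball({
    "package.json": json.dumps({"name": "cline", "version": "2.2.3",
                                "bin": {"cline": "dist/cli.js"}}).encode(),
    "dist/cli.js": CLI_SOURCE,
})

# Same shipped file, bumped version, plus a postinstall that pulls in another
# package. The command text is illustrative, not the real payload.
TAMPERED_TARBALL = build_tarball({
    "package.json": json.dumps({"name": "cline", "version": "2.3.0",
                                "bin": {"cline": "dist/cli.js"},
                                "scripts": {"postinstall": "npm install -g openclaw"}}).encode(),
    "dist/cli.js": CLI_SOURCE,
})


if __name__ == "__main__":
    print(json.dumps(compare_releases(CLEAN_TARBALL, TAMPERED_TARBALL), indent=2))
```

For a real release the same comparison can be run on the tarballs fetched with `npm pack cline@2.2.3` and `npm pack cline@2.3.0`, and `npm view cline@2.3.0 scripts` shows the hook table without downloading anything. Setting `ignore-scripts=true` in `.npmrc` would have prevented the postinstall from executing at all, at the cost of breaking packages that legitimately need install hooks.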
- Date
- 2026-02-17
- Category
- Open Source
- Target Surface
- Package registry
- Insertion Phase
- distribution
- Impact
- Unauthorized Software Installation
- Cause
- Compromised npm token/CI cache poisoning
What Was Affected
Package
cline
Language
JavaScript
Component
CLI Tool
Artifact type
source archive
Domain type
package host
Domain
npmjs.com
Repository
github.com/cline/cline
Compromised Versions
2.3.0
Incident Context
- Motive
- Unauthorized Software Installation
- Transitive
- No
- User Impact
- 4000
- Observed Duration
- 0 days
Evidence
Compromised Artifacts
Current Artifacts and Analysis
External References
Source Data
Source record: oss/cline/meta.yaml