VYPR

npm · Malicious package advisory

Malware

cline

MAL-2026-1380

Malicious code in cline (npm)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (38d7531f4d4af07fee607e1d2985d0ea5b41dbf28cca5bc16c8457934e372f86)
The package cline was found to contain malicious code.

## Source: google-open-source-security (ba9952611b2aa348b1b5cc0349d7b905e32d34effa53081994388c37d0d3462a)
An unauthorized party used a compromised npm publish token to publish v2.3.0
of the Cline CLI on the NPM. The compromise added a postinstall script that
globally installed openclaw.

Compromised versions (1)

  • 2.3.0

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.