Cline CLI 2.3.0 was published with a stolen npm token, installing OpenClaw in an 8-hour attack affecting ~4,000 downloads.
The Register on MSN
AI coding assistant Cline compromised to create more OpenClaw chaos
4K unintended installs in very odd supply chain attack Someone compromised open source AI coding assistant Cline CLI's npm package earlier this week in an odd supply chain attack that secretly ...
The malicious version of Cline's npm package — 2.3.0 — was downloaded more than 4,000 times before it was removed.
Results that may be inaccessible to you are currently showing.
Hide inaccessible results