Cline CLI npm Package Hijacked for 8 Hours
VPN Central [Unofficial]
February 20, 2026
Hackers compromised Cline CLI’s npm publish token on February 17, 2026, from 3:26 AM PT to 11:30 AM PT. They released malicious version 2.3.0 that installed OpenCLAW via postinstall script. Developers who installed during this window face potential supply chain risk. Cline serves as AI coding assistant for VS Code and JetBrains. Attackers modified only […]
The post Cline CLI npm Package Hijacked for 8 Hours appeared first on VPN Central.
Discussion in the ATmosphere