bitwarden-cli-helper
Are you affected?
You are affected if you installed bitwarden-cli-helper version 1.4.2 or 1.4.3 between Apr 21, 17:00 UTC and Apr 22, 23:00 UTC. The official Bitwarden CLI (@bitwarden/cli) was never affected. If your lockfile resolves to a pinned version from before Apr 21, you were never exposed: the malicious code didn't exist yet. Run this one command to check:
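The advisory's own check is `npm ls` against the installed tree. As an added example that is not the advisory's command, the POSIX shell script below scans a package-lock.json offline for the two affected versions, which is useful on build hosts where npm itself may not be installed. The sample lockfiles embedded in it are constructed, and the function names are my own.

```shell
#!/bin/sh
# Added example, not the advisory's own check: scan a package-lock.json for the
# bitwarden-cli-helper versions the advisory names as affected (1.4.2, 1.4.3).
# Uses only POSIX tools, so it runs on a build host with no npm installed.

AFFECTED_PKG="bitwarden-cli-helper"

# Read a lockfile on stdin and print every version pinned for $AFFECTED_PKG.
# Matches lockfileVersion 1 keys ("bitwarden-cli-helper": {...}) and v2/v3
# keys ("node_modules/.../bitwarden-cli-helper": {...}), nested copies included.
# Assumes "version" is the first key of the entry, as npm writes it.
lockfile_versions() {
  tr -d '\n' \
    | grep -oE "\"([^\"]*node_modules/)?$AFFECTED_PKG\"[[:space:]]*:[[:space:]]*\{[^}]*" \
    | grep -oE '"version"[[:space:]]*:[[:space:]]*"[^"]*"' \
    | sed 's/.*"\([^"]*\)"$/\1/'
}

# Exit 0 if the version is one the advisory lists as affected.
is_affected_version() {
  case "$1" in
    1.4.2|1.4.3) return 0 ;;
    *) return 1 ;;
  esac
}

# Scan a lockfile passed as a string; print one finding per affected pin and
# return 0 if anything was found, 1 if the lockfile is clean.
check_lockfile() {
  rc=1
  for v in $(printf '%s' "$1" | lockfile_versions); do
    if is_affected_version "$v"; then
      echo "AFFECTED: $AFFECTED_PKG@$v is pinned in this lockfile"
      rc=0
    fi
  done
  return $rc
}

# Constructed sample lockfiles (not from any real project).
SAMPLE_CLEAN='{
  "name": "demo", "lockfileVersion": 3,
  "packages": {
    "node_modules/@bitwarden/cli": { "version": "0.0.0-sample" }
  }
}'

SAMPLE_BAD='{
  "name": "demo", "lockfileVersion": 3,
  "packages": {
    "node_modules/@bitwarden/cli": { "version": "0.0.0-sample" },
    "node_modules/bitwarden-cli-helper": { "version": "1.4.3" }
  }
}'

check_lockfile "$SAMPLE_CLEAN" || echo "clean sample: not affected"
check_lockfile "$SAMPLE_BAD"
# For a real project: check_lockfile "$(cat package-lock.json)"
```

A clean lockfile or `npm ls` output today does not clear a machine on which the package was installed during the window and removed since: the payload ran from a postinstall hook at install time, so shell history and CI logs from Apr 21 to Apr 22 are the record to consult for that case.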
What happened
On April 21, an attacker registered a newly-created npm account and published bitwarden-cli-helper. The name was chosen to blend in with the many community wrappers around @bitwarden/cli. The package listed a legitimate-looking README cribbed from a real Bitwarden helper, and claimed to offer simplified secret lookup.
The malicious payload ran from a postinstall script. It scanned for .bw-session, ~/.ssh/, environment variables starting with AWS_, GCP_, or BW_, and exfiltrated matches to an attacker-controlled endpoint over DNS-over-HTTPS to evade naive egress controls.
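Because the payload ran from an install-time lifecycle hook, a useful routine control is to know which installed packages declare one at all. The POSIX shell audit below is an added example, not code from the advisory or from Bitwarden: it walks a node_modules tree and lists every package whose package.json declares preinstall, install or postinstall. The sample tree it builds is constructed and the package names in it are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the advisory: enumerate installed packages that
# declare npm install-time lifecycle scripts (preinstall, install, postinstall).
# Run against a project's node_modules directory.

# Print "<package dir>: <hook names>" for every package.json under $1 that
# declares an install-time hook. Pattern-based, so a hook name used as an
# unrelated JSON key elsewhere in the file is a harmless false positive.
list_install_hooks() {
  find "$1" -name package.json -path '*/node_modules/*' 2>/dev/null \
    | while IFS= read -r pj; do
        hooks=$(grep -oE '"(preinstall|install|postinstall)"[[:space:]]*:' "$pj" \
                  | tr -d '":[:space:]' | sort -u | tr '\n' ' ')
        [ -n "$hooks" ] && printf '%s: %s\n' "$(dirname "$pj")" "$hooks"
      done
}

# Number of packages under $1 that declare an install-time hook.
count_install_hooks() {
  list_install_hooks "$1" | wc -l | tr -d ' '
}

# Constructed sample tree (hypothetical package names, not real packages).
DEMO_ROOT=$(mktemp -d)
mkdir -p "$DEMO_ROOT/node_modules/harmless-lib" "$DEMO_ROOT/node_modules/example-hooked-pkg"
cat > "$DEMO_ROOT/node_modules/harmless-lib/package.json" <<'EOF'
{ "name": "harmless-lib", "version": "0.0.1",
  "scripts": { "test": "node test.js" } }
EOF
cat > "$DEMO_ROOT/node_modules/example-hooked-pkg/package.json" <<'EOF'
{ "name": "example-hooked-pkg", "version": "0.0.1",
  "scripts": { "postinstall": "node setup.js" } }
EOF

echo "packages with install hooks: $(count_install_hooks "$DEMO_ROOT")"
list_install_hooks "$DEMO_ROOT"
# For a real project: list_install_hooks ./node_modules
```

Every entry this prints is a package that runs code on the machine at install time and deserves a look before the next upgrade. Where no dependency legitimately needs a hook, `npm install --ignore-scripts` (or `npm config set ignore-scripts true` in CI) removes the execution path the payload used.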
A developer flagged the package on social media around 17:45 UTC on Apr 22. npm's security team removed it by 23:00 UTC the same day.
Timeline
- 1.4.2 published by newly-created npm account bw-helper-team.
- 1.4.3 published with an updated payload and an additional DNS exfiltration path.
If you were exposed
If npm ls returns a match, treat any credential that was in scope during the install window as compromised. At minimum:
- Rotate Bitwarden session tokens and re-unlock all vaults.
- Rotate any AWS_, GCP_, or BW_ environment variable secrets present on the affected machine.
- Review SSH key material under ~/.ssh/ and rotate anything without a passphrase.
- Remove the package: npm uninstall bitwarden-cli-helper, and delete your node_modules and package-lock.json before reinstalling.