Bitwarden CLI npm 2026.4.0 Credential Stealer
Bitwarden confirmed that @bitwarden/[email protected] was maliciously distributed through the npm CLI delivery path for a short April 22, 2026 window. CVE-2026-42994 tracks the incident; artifact analysis tied the package to bw_setup.js, bw1.js, Bun bootstrap, credential theft, and GitHub fallback channels.