Cline AI Dev Tool Hit by npm Token Hijack; Highlights Urgent Need for Developer Security Measures

Cline AI Dev Tool’s npm Token Hijacked: A Wake-Up Call for Developer Security

In a recent security breach, the Cline Command Line Interface (CLI), a widely used AI coding assistant, fell victim to a supply chain attack that compromised its npm package for eight hours. This incident underscores the escalating threats targeting developer tools and the critical need for robust security measures in software development pipelines.

Incident Overview

On February 17, 2026, at 3:26 AM Pacific Time, an unauthorized entity exploited a stolen npm publish token to upload a malicious version of the Cline CLI, labeled as [email protected], to the npm registry. Cline, integrated into popular development environments like Visual Studio Code and JetBrains, assists developers by providing AI-driven coding support.

Technical Details of the Breach

The attacker altered the package.json file within the Cline package, inserting a post-installation script designed to execute `npm install -g openclaw@latest` upon installation. Notably, the core functionality of Cline, including the primary CLI binary (dist/cli.mjs), remained unchanged from the legitimate [email protected] release.

OpenCLAW, the package installed by the malicious script, is an open-source tool described as non-malicious. However, its unauthorized installation without user consent raises significant concerns about the potential for more harmful payloads in similar future attacks.
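
The package.json change described above can be caught by inspecting install-time lifecycle scripts before a package is trusted. The following is an added example, not code from Cline or from the original article; the function name, the sample manifests and the placeholder version are constructed for illustration.

```javascript
// Added example: audit a package.json for install-time lifecycle scripts
// that pull in further packages, the pattern described in this incident.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];
// A package-manager install command and its arguments, up to a shell separator.
const PM_INSTALL = /\b(npm|pnpm|yarn)\s+(?:install|i|add)\b([^;&|]*)/g;

function auditManifest(jsonText) {
  const manifest = JSON.parse(jsonText);
  const scripts = manifest.scripts || {};
  const findings = [];
  for (const hook of INSTALL_HOOKS) {
    const command = scripts[hook];
    if (typeof command !== "string") continue;
    const installs = [];
    for (const m of command.matchAll(PM_INSTALL)) {
      const args = m[2].trim().split(/\s+/).filter(Boolean);
      installs.push({
        manager: m[1],
        global: args.includes("-g") || args.includes("--global"),
        packages: args.filter((a) => !a.startsWith("-")),
      });
    }
    // "high": the hook installs named packages; "review": any other hook.
    const pullsPackages = installs.some((i) => i.packages.length > 0);
    findings.push({ name: manifest.name, version: manifest.version, hook,
      command, severity: pullsPackages ? "high" : "review", installs });
  }
  return findings;
}

// Constructed sample: the version is a placeholder, the script is the one
// the article quotes.
const TAMPERED = JSON.stringify({
  name: "cline", version: "0.0.0-placeholder", bin: { cline: "dist/cli.mjs" },
  scripts: { postinstall: "npm install -g openclaw@latest" },
});
// Constructed sample: a native addon with an ordinary build hook.
const BENIGN = JSON.stringify({
  name: "example-addon", version: "1.0.0",
  scripts: { install: "node-gyp rebuild", test: "node test.js" },
});

for (const sample of [TAMPERED, BENIGN]) {
  for (const f of auditManifest(sample)) {
    console.log(`${f.severity.toUpperCase()} ${f.name}@${f.version} ${f.hook}: ${f.command}`);
  }
}
```

Run it over the `package.json` of each globally installed package; installing with `npm install --ignore-scripts` keeps these hooks from executing at install time.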

Detection and Response

The Cline development team identified the compromised release and acted swiftly to mitigate the issue. By 11:23 AM PT on the same day, they published a corrected version, [email protected], and deprecated the malicious [email protected] at 11:30 AM PT. This rapid response limited the exposure window to approximately eight hours.

To prevent future incidents, the compromised npm publish token was revoked. The team has since transitioned to using OpenID Connect (OIDC) provenance via GitHub Actions for npm publishing, enhancing the security of their release pipeline.

Impact Assessment

The breach specifically affected the Cline CLI npm package. Importantly, the Cline extensions for Visual Studio Code and JetBrains were not impacted by this incident.

Recommendations for Developers

Developers who installed [email protected] during the affected period are advised to take the following actions:

1. Update to the Latest Version: Run `cline update` or `npm install -g cline@latest` to ensure you have the corrected version.

2. Verify Installation: Confirm the installed version by executing `cline --version`.

3. Remove Unauthorized Packages: If OpenCLAW was installed without your consent, remove it using `npm uninstall -g openclaw`.

Broader Implications

This incident highlights the growing risk of supply chain attacks targeting developer tools. Such attacks can have far-reaching consequences, potentially compromising numerous downstream projects and systems.

Preventive Measures

To safeguard against similar threats, organizations and developers should consider implementing the following measures:

– Audit Installed Tools: Regularly review and verify the integrity of installed command-line interfaces and other development tools.

– Enforce Token Hygiene: Implement strict controls over access tokens and credentials, ensuring they are securely stored and regularly rotated.

– Enhance Release Security: Adopt secure release practices, such as using OIDC for authentication and automating security checks in the release pipeline.

Conclusion

The Cline npm package compromise serves as a stark reminder of the vulnerabilities inherent in software supply chains. By adopting proactive security measures and maintaining vigilance, developers and organizations can better protect their tools and systems from such attacks.