The Peril of Entrypoint Rewiring: A Deep Dive into the @bitwarden/cli Hijacking Incident
This post examines the technical mechanics used in the recent npm package hijack targeting the Bitwarden CLI. It explores how attackers manipulate both preinstall scripts and binary entrypoints to maintain legitimate metadata while executing malicious code.
Bitwarden CLI