The Trojan Coding Assistant: How a Compromised Token Pushed a Shadow Release of Cline
The Cline CLI utility on the npm registry was the subject of a supply-chain incident: for several hours, a version with an altered installation script was distributed to users. The developers have confirmed that a publication token was compromised, allowing an unauthorized party to upload a modified release.
The incident affected the cline package, version 2.3.0, published on February 17, 2025, at 3:26 AM PST. A postinstall script had been added to the package.json file; upon installation, it automatically ran a command to globally install an additional package named openclaw. All other components, including the primary executable module dist/cli.mjs, were identical to the preceding legitimate release, version 2.2.3.
The openclaw project is unaffiliated with Cline and reportedly contains no malicious code; nonetheless, its installation was not sanctioned by the official team. The event is therefore characterized not as a malware injection but as an unauthorized manipulation of the software supply chain.
The compromised version remained available for approximately eight hours, until 11:30 AM that same day. At 11:23 AM, the developers issued a remediated release, version 2.4.0, and subsequently marked version 2.3.0 as deprecated. The compromised token was revoked, and future package publications will use OIDC (OpenID Connect) authentication via GitHub Actions, a measure intended to reduce the risk of a recurrence.
This incident affects only the cline CLI package on npm; the Cline extension for Visual Studio Code and the plugin for JetBrains are unaffected. Users who installed cline@2.3.0 within the specified window are strongly advised to upgrade to the latest version and to check their systems for a globally installed openclaw package, which can be removed with standard npm commands if necessary.