The Cline CLI npm package was briefly but alarmingly accessible to attackers through a compromised publish token, exposing developers who installed the tampered release during an 8-hour window on February 17, 2026. The incident emphasizes how developer tooling ecosystems are increasingly vulnerable to supply chain attacks.

A malicious version of the Cline CLI, a well-known AI coding assistant used in VS Code and JetBrains environments, was pushed to the npm registry as cline@2.3.0 on February 17 at 3:26 AM PT by an unauthorized party using a stolen npm publish token. The package.json was the only file altered by the attacker: the change inserted a postinstall script that, when the package was installed, silently ran npm install -g openclaw@latest. The core CLI binary (dist/cli.mjs) and all other package contents were identical to those of the official cline@2.2.3 release.

Although OpenCLAW is described as a legitimate, non-malicious open source package, its unapproved installation raises grave concerns about the possibility of more hazardous payloads in similar future attacks. About eight hours after the first unauthorized release, at 11:23 AM PT, the Cline team discovered the tampered release and released a corrected version (2.4.0). The compromised 2.3.0 was deprecated at 11:30 AM PT.

Since then, the compromised token has been revoked, and in order to strengthen the release pipeline moving forward, the project has moved npm publishing to OIDC provenance via GitHub Actions. This incident did not impact the JetBrains plugin or the Cline VS Code extension.

Developers who installed cline@2.3.0 during the affected window should update to the most recent version right away with cline update or npm install -g cline@latest, and confirm the result with cline --version. If OpenCLAW was installed as a side effect, it can be removed with npm uninstall -g openclaw.

Token hygiene should be enforced across all package registries, and organizations using AI developer tools in their pipelines should audit installed CLI tooling.