Dark Reading

Supply Chain Attack Secretly Installs OpenClaw for Cline Users

The malicious version of Cline's npm package — 2.3.0 — was downloaded more than 4,000 times before it was removed.
Developer Tech

Socket security analysis on npm: A shield for supply chains

The npm registry now includes Socket security analysis links directly on package pages to help developers assess supply chain risks.