Cline CLI npm Package Compromised via Suspected Cache Poisoning Attack

A compromised npm token—stolen via a sophisticated AI-driven CI/CD pipeline attack—was used to publish a malicious Cline CLI version that silently installed powerful software on tens of thousands of developer machines, after repeated ignored warnings from a security researcher.