Local-Workstation npm Preinstall-Hook Quarantine Layer For Solo Devs And AI-Coding-Agent Users After The April 22 2026 Bitwarden CLI Wormable Attack
On April 22 2026 the malicious @bitwarden/cli@2026.4.0 was live on the registry for 90 minutes; during that window it fired its preinstall hook on every npm install and silently exfiltrated AWS, GCP, GitHub and npm tokens, SSH material, shell history, and AI-coding-assistant config files into attacker-controlled commits. Existing supply-chain tooling (Socket, Snyk, Dependabot) is CI-centric and runs after install. The gap is a sub-second wrapper on the developer's laptop that intercepts npm/pnpm/yarn install, runs preinstall scripts in a syscall sandbox, blocks outbound network during postinstall, and blasts a notification if any package tries to read ~/.aws/, ~/.ssh/, .env, or the Cursor/Claude Code/Codex config dirs. Indie devs and freelancers (who don't have a corporate SOC) want this.
Don't try to be Snyk. The wedge is the laptop experience: a 200-line wrapper that aliases npm/pnpm/yarn and runs each lifecycle script under a profile that blocks reads outside the project dir and blocks outbound DNS during postinstall. Sell it as 'an oven mitt for npm install' to indie devs who already lost a night to this attack class.
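A sketch of that wrapper as an added example (not code from the original note or from any existing product): phase one unpacks with npm's real --ignore-scripts flag, phase two runs only the packages that declare hooks through npm rebuild inside a bubblewrap (bwrap) sandbox with no network and an empty HOME. The secret-dir hiding, the .env masking, the hook-detection heuristic and the notify helper are this example's own assumptions; it assumes Linux with bwrap installed and project paths without spaces.

```shell
#!/bin/sh
# Two-phase install: unpack with hooks disabled, then run the deferred hooks via
# `npm rebuild` inside bwrap with no network and an empty HOME, so ~/.aws, ~/.ssh,
# ~/.npmrc and the Cursor/Claude Code/Codex config dirs are simply not there.
# Assumptions (constructed for this example): Linux, bwrap present, paths without spaces.

# Heuristic: true if the unpacked package at $1 declares a preinstall/install/postinstall
# hook. A false positive only costs one extra sandboxed rebuild.
has_lifecycle_hook() {
  grep -Eq '"(preinstall|install|postinstall)"[[:space:]]*:' "$1/package.json" 2>/dev/null
}

# Print the names (scoped or not) of installed packages that declare hooks.
hooked_packages() {
  for pj in "$1"/node_modules/*/package.json "$1"/node_modules/@*/*/package.json; do
    [ -f "$pj" ] || continue
    d=$(dirname "$pj")
    has_lifecycle_hook "$d" && printf '%s\n' "${d#"$1"/node_modules/}"
  done
  return 0
}

# Sandbox command line for project dir $1: whole FS read-only, HOME and /tmp replaced by
# empty tmpfs, only the project dir writable, a project-local .env masked with /dev/null,
# and a fresh network namespace with no interfaces (no DNS or HTTP can leave).
sandbox_cmd() {
  mask=""
  [ -f "$1/.env" ] && mask="--ro-bind /dev/null $1/.env"
  mounts="--ro-bind / / --dev /dev --proc /proc --tmpfs /tmp --tmpfs $HOME --bind $1 $1"
  printf '%s' "bwrap $mounts $mask --unshare-net --die-with-parent --chdir $1"
}

# Desktop notification when notify-send exists, stderr otherwise.
notify() {
  if command -v notify-send >/dev/null 2>&1; then notify-send "npm quarantine" "$1"
  else printf 'npm quarantine: %s\n' "$1" >&2; fi
}

# Phase 1: fetch and unpack without running any script. Phase 2: rebuild hooked packages
# inside the sandbox; a hook that needs the network or HOME fails here instead of leaking.
safe_install() {
  proj=$(pwd)
  npm install --ignore-scripts "$@" || return 1
  pkgs=$(hooked_packages "$proj")
  [ -z "$pkgs" ] && return 0
  notify "running lifecycle hooks for: $(printf '%s' "$pkgs" | tr '\n' ' ')"
  # shellcheck disable=SC2086  (word splitting of the command line and names is intended)
  $(sandbox_cmd "$proj") npm rebuild $pkgs || { notify "a lifecycle hook failed or was blocked"; return 1; }
}

# alias npm='sh /path/to/this.sh' in your shell rc; only the install subcommand is wrapped.
case "${1:-}" in install|i) shift; safe_install "$@" ;; esac
```

Because the project dir itself stays visible, a package's hook can still read files inside the project other than the masked .env; keep tokens out of the tree and rely on --unshare-net to stop anything read from leaving the machine.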
Landscape (4 existing solutions)
The market has CI-side scanners and OS-level sandboxes, but nothing in between. The gap is a dev-laptop wrapper that intercepts the package manager, runs lifecycle scripts in a syscall-restricted sandbox with no access to secrets dirs, and surfaces a notification when something tries to break out.