The Bitwarden security team identified and contained a malicious package that was briefly distributed through the npm delivery path for @bitwarden/
[email protected] between 5:57 PM and 7:30 PM (ET) on April 22, 2026, in connection with a broader Checkmarx supply chain incident. The investigation found no evidence that end user vault data was accessed or at risk, or that production data or production systems were compromised. Once the issue was detected, compromised access was revoked, the malicious ...
I update after I feel all the early adopters have worked out all the bugs for me.
Pretty much with anything ya.
Unless there’s some super important thing I need in the latest release, if my shit works and there’s no security vulnerability, im in no rush to update.
That is a genuinely good strategy.