[NEWSLETTER]
npm Package With 27K Weekly Downloads Silently Exfiltrated OpenAI Tokens
June 2, 2026
codexui-android injected a malicious JavaScript loader starting at version 0.1.82 that exfiltrated OpenAI tokens — including non-expiring refresh tokens — while the public GitHub repo showed clean code. With roughly 27,000 weekly downloads, exposure is potentially broad.
HOW THIS AFFECTS YOU
● Builder: Rotate any OpenAI API keys on systems that had codexui-android installed at or after version 0.1.82, and audit npm dependencies for source-repo divergence.
● Founder: A supply chain attack targeting AI API credentials at this download scale signals that credential theft via dev tooling is an active threat vector worth adding to your security posture.
● Policy: Non-expiring refresh token theft via a popular dev package illustrates the risk of long-lived AI API credentials and the gap between published source and distributed packages.