Bitwarden’s official @bitwarden/cli npm package went malicious for 93 minutes on Tuesday. The payload reads your ~/.claude/mcp.json first, then sweeps GitHub tokens, SSH keys, and cloud credentials. Exactly 334 developers ran npm install in the wrong window.
The attack compromised Bitwarden’s own CI/CD pipeline, not a typosquatting trick. The worm self-propagates using stolen npm tokens, turning every victim into a distribution point.
In today’s indie hacker news:
- Bitwarden CLI backdoored, targets Claude MCP configs
- GPT-5.5 ships at double the price, no API yet
- DeepSeek V4 matches Claude on code, 107x cheaper
- Meta cuts 8,000 jobs for $135B AI bet
- Anthropic admits three bugs broke Claude Code for six weeks
TOP STORIES
NPM INSTALL FROM HELL
🏴☠️ Bitwarden’s npm package was backdoored for 93 minutes, targets ~/.claude/mcp.json

The story: The official @bitwarden/cli npm package version 2026.4.0 distributed malware between 5:57 PM and 7:30 PM ET on April 22. A compromised GitHub Action in Bitwarden’s CI/CD pipeline injected the payload into the npm build. It fires via a preinstall hook, zero interaction required.
The malware targets Claude MCP configs, GitHub tokens, SSH keys, .env files, and cloud credentials. It self-propagates using your stolen npm token to republish infected packages from your own account.
The details:
- 334 users downloaded the compromised version during the 93-minute window
- Targets ~/.claude/mcp.json specifically, plus GitHub/npm tokens, SSH keys, AWS/Azure/GCP creds
- Self-propagating worm: uses your stolen npm token to infect your own packages
- C2 endpoint impersonates Checkmarx (audit.checkmarx[.]cx), not a real Checkmarx breach
- Clean version 2026.4.1 is out. Snap package wasn’t affected
Why builders care: If you ran npm install between 5:57 and 7:30 PM ET on April 22 with @bitwarden/cli, your secrets may have been exfiltrated. The ~/.claude/mcp.json targeting means Claude Code users leaked API keys for every connected MCP server. Rotate everything.
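A starting point for the check a defender wants here, as an added example that is not Bitwarden's or npm's own code: walk a package-lock.json (v2/v3 "packages" map) for the compromised @bitwarden/cli 2026.4.0 build named above, and separately list which installed packages declare preinstall/install/postinstall hooks, since that is the mechanism the payload used to run without interaction. The lockfile, the package.json contents and the package names other than @bitwarden/cli are constructed for the example; in practice you would read them from your project and from node_modules/*/package.json.

```javascript
// Added example (not Bitwarden's or npm's code): audit a lockfile for the
// compromised @bitwarden/cli build and list dependencies that run code at
// install time. All sample data below is constructed.

const KNOWN_BAD = { '@bitwarden/cli': new Set(['2026.4.0']) }; // version from the report
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall'];

// "node_modules/foo/node_modules/@scope/bar" -> "@scope/bar"
function packageNameFromPath(lockPath) {
  const parts = lockPath.split('node_modules/');
  return parts[parts.length - 1];
}

// Walk the lockfile v2/v3 "packages" map and flag known-compromised versions,
// including nested copies under another dependency's node_modules.
function auditLockfile(lock) {
  const findings = [];
  for (const [lockPath, meta] of Object.entries(lock.packages || {})) {
    if (lockPath === '') continue; // root project entry
    const name = packageNameFromPath(lockPath);
    const badVersions = KNOWN_BAD[name];
    if (badVersions && badVersions.has(meta.version)) {
      findings.push({ name, version: meta.version, path: lockPath });
    }
  }
  return findings;
}

// Given parsed package.json objects (normally read from node_modules/*/package.json),
// report which declare install-time hooks. These run on `npm install` unless
// ignore-scripts is set, so the list is what you review before trusting an install.
function findInstallHooks(packageJsons) {
  const report = [];
  for (const pkg of packageJsons) {
    const scripts = pkg.scripts || {};
    const hooks = INSTALL_HOOKS.filter((h) => typeof scripts[h] === 'string');
    if (hooks.length > 0) report.push({ name: pkg.name, version: pkg.version, hooks });
  }
  return report;
}

// Constructed sample lockfile: one clean entry and one affected entry.
const SAMPLE_LOCK = {
  name: 'example-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app', version: '1.0.0' },
    'node_modules/left-pad': { version: '1.3.0' },
    'node_modules/@bitwarden/cli': { version: '2026.4.0' },
  },
};

// Constructed sample package.json contents (hook script names are placeholders).
const SAMPLE_PACKAGE_JSONS = [
  { name: 'left-pad', version: '1.3.0', scripts: { test: 'node test.js' } },
  { name: 'native-addon-example', version: '0.1.0', scripts: { postinstall: 'node build.js' } },
  { name: '@bitwarden/cli', version: '2026.4.0', scripts: { preinstall: 'node hook.js' } },
];

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(auditLockfile(SAMPLE_LOCK), null, 2));
  console.log(JSON.stringify(findInstallHooks(SAMPLE_PACKAGE_JSONS), null, 2));
}
```

For a quick manual check, `npm ls @bitwarden/cli` shows every resolved copy in a project, and `ignore-scripts=true` in .npmrc stops lifecycle hooks from running on install; the hook report above tells you which packages (native addons, for instance) will then need a deliberate rebuild step, so the setting does not silently break them.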
Work from any WiFi like it's your home network. NordVPN's Meshnet runs a free private mesh between your laptop, dev box, and home server. SSH from a café without exposing a port, the way you'd use Tailscale. The paid VPN on top lets you test geo-fenced Stripe checkouts or feature flags from any country.
We get a cut if you sign up. Only added for tools we use ourselves.
ALL BENCHMARKS, NO API
🧠 OpenAI ships GPT-5.5 at double the price, delays API indefinitely

The story: GPT-5.5 launched April 23, the first full retrain since GPT-4.5. Available in ChatGPT and Codex for paid subscribers. API access is explicitly delayed with no date.
The details:
- API pricing: $5/1M input, $30/1M output. Exactly 2x GPT-5.4
- 82.7% Terminal-Bench 2.0 vs Opus 4.7 69.4%, Gemini 3.1 Pro 68.5%
- SWE-Bench Pro: Opus 4.7 still leads 64.3% vs GPT-5.5 58.6%
- 1M token context window, same as GPT-5.4
- Sam Altman called it “the last major milestone before AGI”
Why builders care: The agentic coding scores are strong, but you can’t use the API today. ChatGPT subscribers get it now. API builders wait. On actual GitHub issue resolution, Opus 4.7 still wins. Pick your workload, not the press release.
OPEN WEIGHTS HIT DIFFERENT
⚡ DeepSeek V4 matches Claude on code at 1/107th the output price

The story: DeepSeek V4-Pro (1.6T params, 49B activated) and V4-Flash (284B, 13B activated) shipped as preview weights under MIT license. Both support 1M token context. V4-Pro hits 80.8% on SWE-Verified, matching Claude Opus 4.6’s 80.6% on real code fixes. V4-Flash costs $0.28/1M output vs GPT-5.5’s $30/1M. 107x cheaper.
The details:
- V4-Pro: 93.5 LiveCodeBench vs Gemini 3.1 Pro 91.7, GPT-5.4 78.1
- V4-Flash: $0.28/1M output, 107x cheaper than GPT-5.5
- 27% of V3.2’s inference FLOPs, 10% of its KV cache at 1M context
- MIT license, fully open weights, commercial use allowed
- API isn’t live yet (still serves V3.2). Self-hosting only today
Why builders care: First open-weight model to match a closed frontier on code. V4-Flash at $0.28/1M is the real story for high-volume pipelines. The catch mirrors GPT-5.5’s: no API yet. Self-hosting 1.6T params means serious infra, but MIT license means anyone can try.
8,000 OUT, $135B IN
🏢 Meta cuts 8,000 jobs, cancels 6,000 reqs for a $135B AI bet

The story: Meta told staff on April 23 it’s cutting 8,000 employees (10% of 78,865) by May 20 and cancelling 6,000 open reqs. That’s 14,000 effective positions gone. Teams restructured into AI-focused “pods.” The savings offset a $115-135B capex budget for 2026, nearly double 2025’s ~$72B.
The details:
- 14,000 effective positions eliminated (8K cuts + 6K cancelled reqs)
- $7-8B annualized savings (Bank of America estimate)
- US severance: 16 weeks base + 2 weeks per year of service + 18 months health coverage
- 33,000+ positions eliminated since November 2022
- Zuckerberg, January: “Projects that used to require big teams now be accomplished by a single very talented person”
Why builders care: 8,000 senior engineers hit the job market with 4-6 months of severance runway. Some will cofound. Some will join early-stage teams. Meta deprioritizing non-AI features opens surface area for indie products.
THE CONFESSION
🔬 Anthropic admits three bugs silently degraded Claude Code for six weeks

The story: Anthropic’s postmortem traced Claude Code quality complaints to three harness-level bugs. The models weren’t degraded. The API was never affected.
Bug 1 (March 4): reasoning effort silently dropped from “high” to “medium.” Bug 2 (March 26): a caching error cleared thinking context every turn. Bug 3 (April 16): a system prompt capped responses to 25 words between tool calls, causing a 3% coding quality drop.
The details:
- 34 days at reduced reasoning effort (March 4 to April 7)
- 15 days of context-clearing caching bug (March 26 to April 10)
- 3% measured coding quality drop from verbosity cap (April 16 to April 20)
- All fixes shipped in v2.1.116, April 20
- Usage limits reset for all subscribers as compensation
Why builders care: If you call Claude’s API directly, you were never hit. The harness layer silently degraded quality in ways no changelog showed. The lesson: any AI wrapper can introduce quality regressions independent of the model itself.
TRENDING TODAY
🏛️ US gov memo accuses China of “industrial-scale” AI model theft - White House OSTP issued NSTM-4 on adversarial distillation. 339 upvotes, 369 comments on r/LocalLLaMA. Follow-on legislation could threaten Llama, Qwen, and open weights broadly.
⚠️ GitHub Actions, Webhooks, and Copilot went down for 78 minutes - Multi-service incident on April 23. CI/CD pipelines and PR automation broke simultaneously. 222 HN points, 109 comments. Root cause not disclosed.
⚖️ Federal judge rules AI chats have no attorney-client privilege - 145 upvotes, 74 comments on r/artificial. If this holds, every conversation you have with a Claude or GPT legal assistant is discoverable in court.
DRAMA
FORK THE CODE, FORK THE TEAM
🔥 MeshCore splits after co-dev secretly trademarks the name and vibe-codes the firmware
MeshCore, an open-source LoRa mesh networking firmware with 100K+ active users and 38K+ nodes, is splitting in two. Team member Andy Kirby secretly filed a trademark for “MeshCore” on March 29 and was revealed to have built his MeshOS product line using majority AI-generated firmware without telling the team. The core devs are keeping the GitHub repo and meshcore.io. Andy keeps meshcore.co.uk and the trademark claim.
Why builders care: Trademark your open-source project name before a contributor does. And the community’s distrust of vibe-coded firmware for safety-critical hardware shows there’s a ceiling on where AI-generated code is welcome.
FIRST DOLLAR
ZERO AD SPEND SPEEDRUN
💰 AI agent skills marketplace: 8,000 users in 8 weeks, $0 on ads
u/BadMenFinance on r/SaaS. 69 upvotes, 61 comments. Built an AI agent skills marketplace reaching 8,000 active users in 8 weeks with zero paid ads. Self-reported, unverified, but the agent skills category is exploding (skills.sh hit 83K+ skills since January).
STACK OF THE DAY
🛠️ Honker - Postgres NOTIFY/LISTEN semantics for SQLite. Rust extension with Python, Node, Go, Ruby, and Elixir bindings. Monitors the WAL file (a stat() syscall, not a DB query) for changes. Delivers cross-process notifications at ~0.7-2ms latency. Perfect for SQLite-native apps that outgrow polling but don’t want a message broker. 312 GitHub stars, experimental. Free, open source.
Not sponsored. We just feature tools builders would actually use.
BOOKMARKED TODAY
🌐 “I am building a cloud” - David Crawshaw on starting a cloud infrastructure company from scratch. 1,029 HN points, 509 comments. The most-upvoted HN post of the day.
💸 Exited my $25k/mo SaaS: practical advice from the other side - Post-exit lessons on r/SaaS. 61 upvotes, 20 comments.
📝 Tolaria: open-source macOS app for Markdown knowledge bases - Native macOS knowledge management built around Markdown files. 129 HN points, 43 comments.
Curated by AI, built by a human.