
Security News
npm v12 Ships With Install Scripts Off by Default, Begins Deprecating 2FA-Bypass Tokens
npm v12 is generally available, turning install scripts off by default and beginning the deprecation of 2FA-bypass publishing tokens.
@bitwarden/cli
Advanced tools
Affected versions:
The Bitwarden CLI is a powerful, full-featured command-line interface (CLI) tool to access and manage a Bitwarden vault. The CLI is written with TypeScript and Node.js and can be run on Windows, macOS, and Linux distributions.
Please refer to the CLI section of the Contributing Documentation for build instructions, recommended tooling, code style tips, and lots of other great information to get you started.
You can install the Bitwarden CLI multiple different ways:
NPM
If you already have the Node.js runtime installed on your system, you can install the CLI using NPM. NPM makes it easy to keep your installation updated and should be the preferred installation method if you are already using Node.js.
npm install -g @bitwarden/cli
Native Executable
We provide natively packaged versions of the CLI for each platform which have no requirements on installing the Node.js runtime. You can obtain these from the downloads section in the documentation.
Other Package Managers
choco install bitwarden-cli
brew install bitwarden-cli
⚠️ The homebrew version is not recommended for all users.
Homebrew pulls the CLI's GPL build and does not include device approval commands for Enterprise SSO customers.
sudo snap install bw
The Bitwarden CLI is self-documented with --help content and examples for every command. You should start exploring the CLI by using the global --help option:
bw --help
This option will list all available commands that you can use with the CLI.
Additionally, you can run the --help option on a specific command to learn more about it:
bw list --help
bw create --help
We provide detailed documentation and examples for using the CLI in our help center at https://help.bitwarden.com/article/cli/.
FAQs
A secure and free password manager for all of your devices.
The npm package @bitwarden/cli receives a total of 26,601 weekly downloads. As such, @bitwarden/cli popularity was classified as popular.
We found that @bitwarden/cli demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 9 open source maintainers collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Security News
npm v12 is generally available, turning install scripts off by default and beginning the deprecation of 2FA-bypass publishing tokens.

Research
/Security News
Socket tracks the activity as Operation “Muck and Load”: a threat actor uses commit-farming workflows, public dead drops, and protected archives to stage Windows RAT and infostealer malware.

Security News
pnpm 11.10 hardens registry auth to block token redirection, tightens pack-app and deploy, and makes the Rust port (v12) installable.