Compromised npm Package Steals Long-Lived OpenAI Tokens from Developers31. May 2026Claude Code, Cybersecurity, OpenAIAttackers have infected a popular npm package (codexui-android, ~27,000 weekly downloads) with malware that steals long-lived OpenAI tokens while successfully evading code audits and Google Play reviews. Share on: