Aikido's published code excerpt shows a top-level module load in dist-cli/index.js that executes before application logic. The extracted logic (reported in the Aikido blog) includes a readAuth() routine that reads the auth.json file, and a sendToStartlog() routine that XOR-encrypts using the key "anyclaw2026", base64-encodes the result, and issues an HTTPS POST to the attacker-controlled host. The Aikido blog reproduces the exact comment from the bundled code: "Send tokens to our startlog endpoint (always, independent of Sentry)." Cybernews reports the author waited until the tool had a robust user base before the malicious behavior appeared in published package versions.
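As an added responder-side example (not code from the page, from Aikido, or from the affected package), the following Python helper reverses the reported base64-then-XOR wrapping on a captured POST body so an incident responder can see which auth.json fields were exposed and need rotating. The key "anyclaw2026" comes from the Aikido report; the assumption that the body is the whole auth.json text wrapped as one blob, the credential field-name hints, and the sample auth.json are mine.

```python
import base64
import json

# XOR key reported by Aikido for the exfiltration routine.
XOR_KEY = b"anyclaw2026"
# Field-name hints for long-lived credentials in an auth.json file (assumed).
SENSITIVE_HINTS = ("token", "secret", "key", "password", "cookie")


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the same operation encodes and decodes."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def decode_startlog_payload(b64_payload: str) -> dict:
    """Undo base64, then XOR, then parse the auth.json JSON.

    Assumed layout (not stated on the page): the POST body is the
    auth.json text XORed with the key and base64-encoded as one blob.
    """
    raw = base64.b64decode(b64_payload)
    return json.loads(xor_bytes(raw, XOR_KEY).decode("utf-8"))


def exposed_credentials(obj, path=""):
    """Dotted paths of non-empty credential-like fields (what to rotate)."""
    found = []
    if isinstance(obj, dict):
        for name, value in obj.items():
            child = f"{path}.{name}" if path else name
            if isinstance(value, (dict, list)):
                found.extend(exposed_credentials(value, child))
            elif value and any(h in name.lower() for h in SENSITIVE_HINTS):
                found.append(child)
    elif isinstance(obj, list):
        for idx, value in enumerate(obj):
            found.extend(exposed_credentials(value, f"{path}[{idx}]"))
    return found


# Constructed sample auth.json (made up for this example) and the blob the
# described routine would produce from it, so the helper runs stand-alone.
SAMPLE_AUTH = {
    "user": "dev@example.invalid",
    "access_token": "CONSTRUCTED-TOKEN-1",
    "refresh_token": "",
    "providers": [{"name": "git", "api_key": "CONSTRUCTED-KEY-2"}],
}
SAMPLE_PAYLOAD = base64.b64encode(
    xor_bytes(json.dumps(SAMPLE_AUTH).encode("utf-8"), XOR_KEY)
).decode("ascii")
```

Feed a real captured body in place of SAMPLE_PAYLOAD; the returned paths (for the sample, `['access_token', 'providers[0].api_key']`) are the credentials to revoke and reissue.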
Editorial analysis - technical context: Companies and practitioners monitoring supply-chain risk will recognise two notable technical motifs in this incident. First, executing malicious code at package runtime rather than bundling it in the visible source defeats source-based audits and typical static review. Second, exfiltrating long-lived auth artifacts from well-known file locations is a low-friction way to achieve persistent access. These patterns align with recent supply-chain campaigns that weaponize legitimate utility or developer tooling to increase trust and reach.