codexui-android: npm Package Silently Exfiltrated OpenAI Codex Auth Tokens for a Month
A 29K-weekly-download npm package advertised as a remote web UI for OpenAI Codex has been quietly exfiltrating ~/.codex/auth.json — including non-expiring refresh tokens — to a fake Sentry endpoint since v0.1.82.