Malicious npm Package “codex‑ui” Exfiltrates OpenAI Refresh Tokens from 27 K Developers
What Happened – A npm package named codex‑ui, downloaded roughly 27 000 times per week, was discovered to silently harvest OpenAI refresh tokens from developers’ environments and send them to an attacker‑controlled server.
Why It Matters for TPRM –
- Third‑party code can become a covert conduit for credential theft, bypassing traditional perimeter defenses.
- Compromised OpenAI tokens enable account takeover, unauthorized API usage, and potential data leakage of proprietary prompts or outputs.
- Vendors that embed or depend on open‑source components must validate supply‑chain hygiene to protect downstream customers.
Who Is Affected – SaaS developers, AI‑focused startups, and any organization integrating OpenAI’s API via npm.
Recommended Actions –
- Audit all dependencies for the codex‑ui package; remove or replace it immediately.
- Rotate all OpenAI refresh tokens and enforce least‑privilege scopes.
- Implement SCA (Software Composition Analysis) tools and enforce signed package policies.
Technical Notes – The malicious code leveraged a post‑install script to read the OPENAI_API_KEY/refresh token from environment variables and POST them to an external endpoint. No CVE was involved; the threat originated from a compromised third‑party dependency. Source: HackRead