Codex UI Package Steals OpenAI Authentication Tokens

A popular npm package, `codexui-android`, secretly exfiltrated OpenAI Codex authentication tokens, researchers report. According to Aikido Security researcher Charlie Eriksen, the package amassed about **27,000 weekly downloads** and, starting roughly a month after publication, every invocation began sending the contents of users' `auth.json` (Codex auth tokens) to an attacker-controlled endpoint, reportedly `sentry.anyclaw.store` (per the Aikido blog). Cybernews reports the package delivered genuin