StepSecurity detected early supply-chain risk signals in a legitimate kilocode npm release, showing how small behavioural changes can quietly erode trust before any attack occurs. On 29 January 2026, its monitoring flagged a new release of @kilocode/cli that differed from prior versions in key ways, including the absence of provenance attestations after the release pipeline moved to a new repository.
The release also introduced a postinstall script that detects the operating system and CPU architecture and creates symlinks to platform-specific binary packages such as @kilocode/cli-darwin-arm64; those binaries are not verified against checksums or signatures. These changes altered how the package is built, published and executed during installation. The release itself was legitimate: a GitHub issue was opened to flag the risk signals, and the maintainers responded quickly to address them.
The postinstall script and the loss of provenance illustrate why this class of signal matters: the post-install execution point is a well-recognised high-risk stage that can be exploited if integrity verification is neglected.