DuckDB confirms its Node.js and Wasm packages were compromised in an npm supply chain attack
According to ChainCatcher, DuckDB's official Twitter account posted that DuckDB's Node.js and Wasm packages were injected with malware during a recent npm supply chain attack. The official team has investigated and deprecated the affected versions, and has released new versions. DuckDB stated that, according to npm data, no users have downloaded the affected packages. The team has issued a security advisory detailing the post-incident analysis and response measures.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
A dormant address holding 30 ETH has been activated after 10.1 years of inactivity.
