DuckDB has confirmed that its Node.js and Wasm packages were compromised in a recent npm supply chain attack. The company announced via Twitter that malicious software was embedded in these packages, prompting the deprecation of affected versions and the release of new, secure versions. According to npm data, no users have downloaded the compromised packages. DuckDB has issued a security advisory outlining the incident analysis and response measures taken to address the breach.
DuckDB Node.js and Wasm Packages Hit by npm Supply Chain Attack
Disclaimer: The content provided on Phemex News is for informational purposes only. We do not guarantee the quality, accuracy, or completeness of the information sourced from third-party articles. The content on this page does not constitute financial or investment advice. We strongly encourage you to conduct you own research and consult with a qualified financial advisor before making any investment decisions.