The ongoing NPM supply chain attack has extended to DuckDB’s maintainer account, with malicious versions of 'duckdb' and 'duckdb-wasm' containing wallet-stealing malware, though the impact remains limited.
The DuckDB NPM account was compromised in an ongoing supply chain attack, leading to the release of malicious versions of 'duckdb' and 'duckdb-wasm.' These versions are linked to wallet-stealing malware, but the overall impact appears minimal. Security warnings have been issued as a precaution.