Advisories for Npm/@Duckdb/Duckdb-Wasm package

The DuckDB distribution for Node.js on npm was compromised with malware (along with several other packages). An attacker published new versions of four of duckdb’s packages that included malicious code to interfere with cryptocoin transactions. The following packages and versions are affected: @duckdb/node-api@1.3.3 @duckdb/node-bindings@1.3.3 duckdb@1.3.3 @duckdb/duckdb-wasm@1.29.2 Note: The current release version of DuckDB is 1.3.2, with 1.4.0 expected to be released on Sept 10th, 2025 (tomorrow as of this writing). …

The DuckDB distribution for Node.js on npm was compromised with malware (along with several other packages). An attacker published new versions of four of duckdb’s packages that included malicious code to interfere with cryptocoin transactions. The following packages and versions are affected: @duckdb/node-api@1.3.3 @duckdb/node-bindings@1.3.3 duckdb@1.3.3 @duckdb/duckdb-wasm@1.29.2 Note: The current release version of DuckDB is 1.3.2, with 1.4.0 expected to be released on Sept 10th, 2025 (tomorrow as of this writing). …