Techly NewsGet the app

Get the latest tech news

DuckDB NPM packages 1.3.3 and 1.29.2 compromised with malware


The DuckDB distribution for [Node.js](http://node.js/) on [npm](https://www.npmjs.com/) was compromised with malware (along with [several other packages](https://www.aikido.dev/blog/npm-debug-and-c...

An attacker published new versions of four of duckdb’s packages that included malicious code to interfere with cryptocoin transactions. We have also reached out to npm support to actually delete the affected versions. We are reviewing our internal processes to ensure the safety of future releases.

Get the Android app

Or read this on Hacker News

Read more on:

Photo of malware

malware

Photo of DuckDB NPM

DuckDB NPM

Photo of DuckDB NPM packages

DuckDB NPM packages

Related news:

News photo

You too can run malware from NPM (I mean without consequences)

News photo

Attackers snooping around Sitecore, dropping malware via public sample keys

News photo

Google to verify all Android devs to protect users from malware

« You too can run malware from NPM (I mean without consequences)
Samsung Galaxy S26 Ultra camera leak suggests sharper, brighter low-light photos »