DuckDB confirms that its Node.js and Wasm packages are attacked by npm supply chain

PANews September 10th news, DuckDB official tweeted that DuckDB's Node.js and Wasm software packages have been implanted with malware in recent npm supply chain attacks. The affected version has been investigated and deprecated, and a new version has been released at the same time. DuckDB said that according to npm data, no users downloaded the affected package. The team has issued a safety notice detailing the post-event analysis and response measures.