The DuckDB distribution for Node.js on npm was compromised with malware (along with several other packages). An attacker published new versions of four of duckdb’s packages that included malicious code to interfere with cryptocoin transactions. According to the npm statistics, nobody has downloaded these packages before they were deprecated. The following packages and versions are affected: @duckdb/[email protected] @duckdb/[email protected] [email protected] @duckdb/[email protected] Note: The curre...