privy

The easiest way to bring all your users onchain, regardless of whether they already have wallets | Customer love at privy.io/love

1/ You may have seen reports of today’s npm supply chain attack. 

@privy is not impacted – none of the compromised packages are part of our direct dependencies. 

Our security team has also created a script for others to scan their own code bases.

2/ For those interested in the technical details, please see our Head of Security Engineering’s full breakdown below. 

While the affected window was narrow, do check your builds to be sure. 

We’ll continue monitoring and share updates as needed.

summary_large_image

Lot of chatter about the QIX NPM compromise. TL;DR
-- Dev was compromised ~9am ET ( https://t.co/bgOwN57xyz )
-- Malicious packages removed at ~11.30 ET ( https://t.co/XApcXgcQoK )
If you installed in this time please check your codebase.

AndrewMohawk⁽ⁿᵘˡˡ⁾

marketing @privy | 2x founder | ✍️ author digitalmavericks.xyz paragraph.com/@debbie | 👩🏻‍💻 occasional vibe coder + renaissance woman | 🇸🇬 in 🇺🇸

2/ For those interested in the technical details, please see our Head of Security Engineering’s full breakdown below. 

While the affected window was narrow, do check your builds to be sure. 

We’ll continue monitoring and share updates as needed.
https://x.com/AndrewMohawk/status/1965116722375209305