privy

The easiest way to bring all your users onchain, regardless of whether they already have wallets | Customer love at privy.io/love

1/ You may have seen reports of today’s npm supply chain attack. 

@privy is not impacted – none of the compromised packages are part of our direct dependencies. 

Our security team has also created a script for others to scan their own code bases.

marketing @privy | 2x founder | ✍️ author digitalmavericks.xyz paragraph.com/@debbie | 👩🏻‍💻 occasional vibe coder + renaissance woman | 🇸🇬 in 🇺🇸

summary_large_image

-- Malicious packages continued:
simple-swizzle@0.2.3 is-arrayish@0.3.3 error-ex@1.3.3 ansi-regex@6.2.1 ansi-styles@6.2.2 supports-color@10.2.1 debug@4.4.2

-- Any direct and transient dependencies in that time using these versions would have been malicious.

Any components could have indirect dependencies that if a build was installed that included these versions would have been vulnerable.

You can use this script to scan or DIY:
https://t.co/jwEwQ9N9FT

Stay safe.

AndrewMohawk⁽ⁿᵘˡˡ⁾

Tortoise Token

https://x.com/andrewmohawk/status/1965116726691201367?s=46&t=zH7_-rMqorYJ86yQz5PkVg