@duckdb.org on Bluesky

JavaScript RequiredThis is a heavily interactive web application, and JavaScript is required. Simple HTML interfaces are possible, but that is not what this is. Learn more about Bluesky at bsky.social and atproto.com.

Post

DuckDB

duckdb.org

did:plc:id67xmpji7oysb7vitsodr4v

In the recent npm supply chain attack, DuckDB's Node.js and Wasm packages were compromised with malware. We have investigated the issue, deprecated the affected packages and released new versions. We have released a security advisory that contains our full postmortem: https://github.com/duckdb/duckdb-node/security/advisories/GHSA-w62p-hx95-gf2c

2025-09-09T09:37:42.903Z