Malicious code in duckdb (npm)

The DuckDB Node.js package duckdb version 1.3.3 was compromised with malware through a sophisticated phishing attack targeting the DuckDB maintainers. An attacker created a pixel-perfect copy of the npmjs.com website at npmjs.help domain and tricked a maintainer into logging in and resetting 2FA...