MAL-2025-46991 Malicious code in @duckdb/duckdb-wasm (npm)

The DuckDB Node.js package @duckdb/duckdb-wasm version 1.29.2 was compromised with malware through a sophisticated phishing attack targeting the DuckDB maintainers. An attacker created a pixel-perfect copy of the npmjs.com website at npmjs.help domain and tricked a maintainer into logging in and...