VYPR

npm package

@duckdb/duckdb-wasm

pkg:npm/%40duckdb/duckdb-wasm

Malware

2 malicious versions on record

One or more versions of this package have been flagged as containing malicious code. Audit any system that installed an affected version.

Vulnerabilities (1)

  • CVE-2025-59037HigSep 9, 2025
    affected >= 1.29.2, < 1.30.0fixed 1.30.0

    DuckDB is an analytical in-process SQL database management system. On 08 September 2025, the DuckDB distribution for Node.js on npm was compromised with malware (along with several other packages). An attacker published new versions of four of DuckDB's packages that included mali