Official XRP NPM Package Compromised with Key-Stealing Malware

The official XRPL package on NPM, which is the SDK for interacting with the Ripple ledger, has been compromised by malware. A malicious function, checkValidityOfSeed, was inserted to send private keys to an attacker's domain. The code was committed by a user, mukulljangid, suspected to be a compromised Ripple employee account. The affected versions include 4.2.4, 4.2.3, 4.2.2, 4.2.1, and 2.14.2.