
Ripple's xrpl.js NPM Package Compromised in Supply Chain Attack
Tags: Cryptocurrency, Ripple, xrpl.js, NPM, Supply Chain Attack, Cybersecurity, Private Keys, Software Vulnerability, Malicious Actors
The npm JavaScript library for the Ripple cryptocurrency, known as xrpl.js, has been compromised by unknown malicious actors in a software supply chain attack aimed at stealing and exfiltrating users' private keys. The affected versions are 4.2.1, 4.2.2, 4.2.3, 4.2.4, and 2.14.2. The issue has been fixed in versions 4.2.5 and 2.14.3.