🚨 A massive NPM supply chain attack is currently happening. High-download packages like strip-ansi and is-core-module have been compromised.

⚠️ The attack involves malware that changes crypto addresses to divert funds.
✅ Users of hardware wallets should verify all transactions before signing.
❌ Those without hardware wallets should avoid on-chain transactions temporarily.

🚨 A large-scale supply chain attack is ongoing: a reputable developer's NPM account has been breached. These compromised packages, collectively downloaded over 1 billion times, pose a risk to the JavaScript ecosystem.

The malicious code switches crypto addresses in real time to steal funds.

If using a hardware wallet, ensure to check each transaction prior to signing for safety.