§ feed · storyline
Critical npm supply chain attack response
Vercel confirms a coordinated npm supply chain attack compromised the duckdb_admin account on 14 September 2025, distributing wallet-drainer malware via DuckDB-related packages, with no impact to Vercel customers.
On September 9, 2025, the campaign extended to DuckDB-related packages after the account was breached. These releases contained the same wallet-drainer malware, confirming this was part of a coordinated effort targeting prominent npm maintainers.duckdb_admin While Vercel customers were not impacted by the DuckDB incident, we continue to track activity across the npm ecosystem with our partners to ensure deployments on Vercel remain secure by default. Read more
§ sources1 publication · timeline below