An important NPM developer, Qix, has had its committed account. It was used to push the malware that is directed and looks for bitcoin and cryptocurrency wallets in user devices. If detected, the malware would repair the code functions used to coordinate the transaction signature and replace the address that a user is trying to send money with one of the directions of the creator of malware.
This should be a concern for the users of the web wallet, so in the ordinals or runes/other users of the Bitcoins Token, since unless an update for your normal software wallet has been pressed today with the committed dependence, or if your wallet dynamically loads the code directly from the wallet of the end of the wallet that must be fine, it must be fine.
NPM is a package administrator for Node.js, a popular JavaScript frame. This means that it is used to obtain large pre -written code sets used so that common functionality is integrated into different programs without the developer having to rewrite the basic functions.
Specific packages were not specific to cryptocurrency, but the packages used by innumerable numbers of normal applications built with node.js, not only cryptocurrency wallets.
If you are using a hardware wallet in combination with your web wallet, be very careful to verify in the device itself that the destination address you are sending is also correct before signing anything.
If you are using software keys on the web wallet itself, it would be advisable not to open them or make transactions until you are sure that you are not executing a vulnerable version of the wallet. The safest course of action would be to wait for an advertisement of the team that develops the wallet you use.