Crypto-Hijack - September 8, 2025

For more information, please visit our blog: NPM Supply Chain Attack: Sophisticated Multi-Chain Cryptocurrency Drainer Infiltrates Popular Packages
Customer Reference Sheet:

Package Name	Package Version(s)	MSC
backslash	0.2.1	MSC-2025-7955
chalk-template	1.1.1	MSC-2025-7876
supports-hyperlinks	4.1.1	MSC-2025-7872
has-ansi	6.0.1	MSC-2025-7873
simple-swizzle	0.2.3	MSC-2025-7886
color-string	2.1.1	MSC-2025-7875
error-ex	1.3.3	MSC-2025-7881
color-name	2.0.1	MSC-2025-7882
is-arrayish	0.3.3	MSC-2025-7953
slice-ansi	7.1.1	MSC-2025-7874
color-convert	3.1.1	MSC-2025-7954
wrap-ansi	9.0.1	MSC-2025-7877
ansi-regex	6.2.1	MSC-2025-7880
supports-color	10.2.1	MSC-2025-7879
strip-ansi	7.1.1	MSC-2025-7878
chalk	5.6.1	MSC-2025-7884
debug	4.4.2	MSC-2025-7887
ansi-styles	6.2.2	MSC-2025-7871
proto-tinker-wc	0.1.87	MSC-2025-7883
prebid-universal-creative	1.17.3	MSC-2025-7890
duckdb	1.3.3	MSC-2025-7949
@duckdb/node-api	1.3.3	MSC-2025-7888
@duckdb/node-bindings	1.3.3	MSC-2025-7889
@duckdb/duckdb-wasm	1.29.2	MSC-2025-7930
prebid.js	10.9.2	MSC-2025-7950
prebid	10.9.1	MSC-2025-7951
prebid	10.9.2	MSC-2025-7952
@coveops/abi	2.0.1	MSC-2025-7948

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.