Following a security incident affecting the JavaScript SDK of the XRP Ledger, developers received the green light to resume updates and integrations with caution. The xrpl.js library was updated to a safe version.
Security Incident
Developers of the XRP Ledger have been on high alert after a warning from validator and XRPL contributor Vet regarding compromised versions 4.2.1 and above of the xrpl.js library, raising serious concerns over the integrity of several active XRPL-based applications.
Availability of Safe Version 4.2.5
According to Vet, the new update of xrpl.js version 4.2.5 became available just minutes after his warning. He confirmed that the malicious code had been fully removed from the NPM registry, allowing developers to safely upgrade to this version.
Return to Normal Operations
The incident was a blow to the ecosystem, but its swift resolution and the release of the safe version helped restore trust. XRPL-based projects are now advised to check their builds and inform users about any necessary security updates.
With safe version 4.2.5 now available, developers can resume their work. However, the situation highlights the need for ongoing vigilance regarding security in the Web3 ecosystem.
