The XRP Ledger Foundation has warned of a potential security vulnerability in recent versions of the xrpl JavaScript library (v4.2.1–4.2.4 and v2.14.2), which could allow attackers to steal user private keys and pose a serious supply chain risk. The issue affects only versions published on NPM. A patched version, v4.2.5, has been released, and affected projects are urged to update immediately. https://t.co/M1x88zSc0w