The XRP Ledger Foundation warns that some versions of the recently released xrpl JavaScript library have potential security vulnerabilities, which are widely used to build applications that interact with XRP Ledger. The vulnerability was discovered by Charlie Eriksen, a researcher at Aikido Security, and could allow attackers to steal user private keys, posing a serious supply chain attack risk. The affected versions are v4.2.1 to v4.2.4 and v2.14.2, limited to code hosted on NPM. The foundation has released a fix version v4.2.5 and recommends that related projects upgrade as soon as possible. This vulnerability does not affect XRP Ledger itself or its GitHub code repository. （TheBlock） https://www. (wublock123.com)/index.php? m=content&c=index&a=show&catid=6&id=41325