Security Update: NPM QIX attack
We want to reassure our community that Highlight is unaffected by the recent NPM QIX attack.
What happened?
An attacker compromised an NPM developer’s account and published malicious versions of widely used open-source packages. Apps that updated those packages today may have unknowingly included the malicious code, which can attempt to propose harmful transactions to users.
Highlight is not impacted.
We’ve confirmed that our app has not pulled in any of the affected updates since the attack. Highlight remains safe to use.
As always, please be cautious and only approve transactions you fully understand.
