He noted that the potential attack would be limited to third-party services that updated to the malicious versions within a short window. The backdoor also appears to be limited only to versions of the code on Node Package Manager (NPM), a GitHub-like tool used by developers to share reusable JavaScript packages for Node.js projects. Several projects related to XRP, including Xaman Wallet and XRPScan, noted that their services are likely secure.

Quote

Sources

XRP Ledger Foundation discloses 'serious vulnerability' in recently updated version of XRPL JavaScript library