KB-2349 Information about the NPM Software Supply Chain Attack

On 09-Sep-2025, multiple npm packages were compromised as part of a software supply chain attack after the accounts for official maintainers of the npm package manager were compromised.

Appian has investigated this incident and, as of 09-10-2025, has determined that it is not impacted, as none of the affected package versions listed below are utilized. We will continue to monitor the situation and provide updates as appropriate.

Supporting Documentation

Investigated Package Versions

  • ansi-regex v6.2.1
  • ansi-styles v6.2.2
  • backslash v0.2.1
  • chalk v5.6.1
  • chalk-template v1.1.1
  • color-convert v3.1.1
  • color-name v2.0.1
  • color-string v2.1.1
  • debug v4.4.2
  • error-ex v1.3.3
  • has-ansi v6.0.1
  • is-arrayish v0.3.3
  • proto-tinker-wc v1.8.7
  • supports-hyperlinks v4.1.1
  • simple-swizzle v0.2.3
  • slice-ansi v7.1.1
  • strip-ansi v7.1.1
  • supports-color v10.2.1
  • wrap-ansi v9.0.1
  • coveops/abi v2.0.1
  • duckdb/duckdb-wasm v1.29.2
  • duckdb/node-api v1.3.3
  • duckdb/node-bindings v1.3.3
  • duckdb v1.3.3
  • prebid v10.9.1
  • prebid v10.9.2
  • prebid-universal-creative v1.17.3

Affected Versions

This article applies to all supported versions of Appian.

Last reviewed: Sep 10, 2025
