We have identified that certain npm packages starting with @ensdomains published around 5:49am UTC today may be affected by a Sha1-Hulud supply-chain attack that has compromised over 400 NPM libraries, including several ENS packages. The team has updated all latest tags and is proceeding with key rotations and currently attempting to unpublish all impacted versions. USERS: Current reviews indicate that ENS Labs-operated websites, including http://app.ens.domains, have not shown signs of impact related to this issue. At this time, there is no evidence that names have been affected. DEVS: If you have not installed ENS packages within the past 11 hours [since 5:49am UTC on November 24, 2025], there is no indication you are affected. If you have, please refer to the following link with a list of affected packages and install the latest version. We will continue monitoring and provide updates as more information becomes available. Developers or teams with questions can contact us through established support channels. https://go.ens.xyz/npm-attack(ens.eth)