Such an intrusion has prompted automated delivery of the malicious lottie-player NPM package versions among users who obtained the library through third-party content delivery networks.
Article Link: Supply chain attack compromises LottieFiles npm package with crypto drainer | SC Media