Fabian Iwand

Right, but the link will still be considered as external, which doesn't seem ideal because it gets the external marker and has referrers disabled. I don't feel strongly, but my...

This workaround (or a similar monkeypatch of `stream.destroy`) seems to do the trick: ```js import QueryStream from "pg-query-stream"; class QueryStreamAurora extends QueryStream { destroy(err) { if (err) this.emit("error", err); return...

@carlopi Can we assist in any way to help resolve this issue?

[@next](https://www.npmjs.com/package/@duckdb/duckdb-wasm/v/next) is now pointing to the latest stable release 1.30.0, while [@latest](https://www.npmjs.com/package/@duckdb/duckdb-wasm/v/latest) points to a version 1.29.2 that has been deprecated with the message "Security breach". 🤔

Thank you!

@azu The upload of those extensions appears to be managed through the [duckdb/duckdb repo](https://github.com/duckdb/duckdb). I don't think they would have been affected by the advisory, but if you're concerned I...

@carlopi I'm afraid this still seems to be an issue. `@latest` still points to 1.30.0, while `@next` points to 1.31.0.

Looks like the publishing step was skipped because the ref wasn't `main`? For future reference: - workflow run: https://github.com/duckdb/duckdb-wasm/actions/runs/18039916240/job/51343813569#step:2:128 - workflow step: https://github.com/duckdb/duckdb-wasm/blob/64fe98cb8651a7a1180a744c60a8232cb7290281/.github/workflows/main.yml#L1096-L1105 - publish script: https://github.com/duckdb/duckdb-wasm/blob/main/scripts/npm_publish_lib.sh

@carlopi Is there anything I can do to help get this resolved?

`next` is now pointing to [`1.31.1-dev1.0`](https://www.npmjs.com/package/@duckdb/duckdb-wasm/v/1.31.1-dev1.0), while `latest` is still at [`1.30.0`](https://www.npmjs.com/package/@duckdb/duckdb-wasm/v/1.30.0).