Keep reading and you’ll see this part:

> If you are a user, make sure you are double checking any transactions you are signing to make sure the addresses are correct. For more information, you can refer to the [SEAL Framework](https://frameworks.securityalliance.org/wallet-security/signing-verification.html) on signing and verifying transactions.

> If you are a user, make sure you are double checking any transactions you are signing to make sure the addresses are correct.

imo, [this](https://stacker.news/items/1216692?commentId=1216841) is the answer [if you don't have an external signer](https://stacker.news/items/1216692?commentId=1216743):

> If it swaps the address, you know which one you entered. Compare that one with the one it tells you you entered. No external signer needed.

If you are a package maintainer, there are a few ways you can check if you have been impacted, including:

If you are a user, make sure you are double checking any transactions you are signing to make sure the addresses are correct. For more information, you can refer to the 

bitcoin

How to Verify the Impact of the Recent NPM Attack on My Wallets?

spiderman

> #### Remediation
>
> If you are a package maintainer, there are a few ways you can check if you have been impacted, including:
> 
> - Checking your local node_modules to see if it contains the malware: grep -R 'checkethereumw'
> - Checking your npm cache with [this script](https://gist.github.com/phxgg/737198b6e945aba7046e9f9328576271) by phxgg
> - Checking your project with [this script](https://github.com/AndrewMohawk/RandomScripts/blob/main/scan_for_deps_qix-2025-08-09.sh) by AndrewMohawk
>
> If you are a user, make sure you are double checking any transactions you are signing to make sure the addresses are correct. For more information, you can refer to the [SEAL Framework](https://frameworks.securityalliance.org/wallet-security/signing-verification.html) on signing and verifying transactions.
>
> 👀 *https://stacker.news/items/1213891*

RemediationRemediation