Nunchuk apps are NOT vulnerable to the recent NPM security exploit.

Our apps are fully native, with no Javascript or NPM dependencies. This was a conscious decision to reduce our supply chain to the bare minimum.

We believe that for mission-critical software like a Bitcoin wallet, avoiding Javascript and the web-based ecosystems is a fundamental security principle.