SECURITY ALERT: Malicious obfuscated code found in nextjs template

[peterkyle01]

@syrusakbary I'm reporting an active supply-chain compromise in the Wasmer Next.js starter. The preinstall.js hook contains an obfuscated dropper using Unicode variation selectors to bypass static analysis.

It dynamically fetches encrypted logic from the Solana blockchain (Address: BjVeAjPrSKFiingBn4vZvghsGj9KCE8AJVtbc9S8o8SC). Even though the script crashed in my environment due to a property destructuring error, the intent to exfiltrate .env and .ssh data is clear. Recommend immediate removal of the repository.