Great question! To minimize risks, we recommend referencing specific versions in production environments for stability and control. This approach lets you lock in a known, secure version. For those needing the latest features, referencing “latest” is an option, but for @lottiefiles/lottie-player specifically, we won’t be issuing further updates.
We’re actively securing our package distribution methods to prevent future incidents, and we encourage users to transition to our new dotLottie player, which we are actively developing and enhancing for better performance