With all the JS shenanigans, I wouldn't move any coin right now.
I don't see why and where this should/could affect my electrum wallet.
Maybe I miss the point here, but if a wallet is depending on sucking in literally hundreds of libraries from don't-know-where it's probably nothing for me anyway.
True, I believe the update wasn’t exposed for too long, but since they’re popular we might already be talking about millions, maybe even billions of downloads. It’s been taken down(at least from his recent update regarding the issue), but the malware is still out there on devices, pushed through updates and so on.
Cold wallets shouldn’t have any problem, even if there are other apps on them since they don’t accept updates. Electrum shouldn’t be affected either… This mainly affects apps built on JavaScript frameworks running on devices that actively connect to the internet. Don’t know how the malware works but I’d just be careful in case any of my other React Native,Electron.. apps have received updates recently.