❌

Normal view

Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install

11 July 2026 at 17:59
The jscrambler npm package was compromised, and simply installing itsΒ 8.14.0Β release runs an infostealer on your machine. Published on July 11, 2026, the malicious version carries aΒ preinstallΒ hook that drops and executes a native binary, one build each for Windows, macOS, and Linux. Socket flagged the releaseΒ six minutes after it was published. If you or one of your

❌