Back to Feed
Supply ChainJul 11, 2026

jscrambler npm Package Compromised in Supply Chain Attack

jscrambler npm package compromised, injecting native binaries during install.

Summary

The popular jscrambler npm package, version 8.14.0, was compromised and included hidden native binaries that execute automatically during the npm install process. This supply chain attack targets developer workstations and CI environments, potentially exposing sensitive information like API keys, credentials, and cryptocurrency wallet data. The malicious version was detected six minutes after publication.

Full text

Research/Security NewsFake Braintree NuGet Package Skims Credit Cards and Harvests Merchant CredentialsA malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps. By Joseph Edwards - Jul 09, 2026

Indicators of Compromise

  • hash_sha256 — a742de963f14a92d24ebcbc7b44ac867e23a20d31d1b0094a13a4f83287f4e60
  • hash_sha256 — a41a523ef9517aab37ed6eea0ec881821bdcb7aefcb5c5f603adc7907f868c86
  • hash_sha256 — bba32ddeab075a5e5015eec50f5d2af364c95b848732c714aea6b6baf78f49f0
  • hash_sha256 — fbbcf4d8f98168f78f5c0c47a9ae56d59ec8ac84a7c9ca6b797fedfb8d62d2bd
  • hash_sha256 — b7ca95d1b23c8e67416a25cedf741de0917c2096bbc9d24649eea7853d054903
  • hash_sha256 — c8fd47d36bdf7c825378593ab82ed8c24d1dc52e26b507812393e24e1d5201fd

Entities

jscrambler (product)npm (technology)