CRITICALAdvisoryJul 13, 2026
Action required
Immediate: Check npm audit logs and package-lock.json files across your environment for jscrambler 8.14.0. Isolate any affected developer machines, revoke all cloud credentials and API keys used on those systems, and assume credential compromise. Require a rollback to v8.13.x or earlier and block v8.14.0 in your npm proxy.
Affected products
jscramblernpm