Back to advisories

jscrambler npm Package Compromised in Supply Chain Attack

Version 8.14.0 of the jscrambler npm package contained malicious native binaries that executed automatically during installation, compromising developer workstations and CI/CD pipelines. Any team member or build system that pulled this version is at risk of credential theft, API key exposure, and wallet compromise. The malicious package was live for approximately six minutes before detection.

CRITICALAdvisoryJul 13, 2026
Action required
Immediately audit npm install logs and package-lock.json files for jscrambler version 8.14.0 across all developer machines and CI environments. Force-rotate all API keys, credentials, and secrets that may have been exposed on affected systems. Scan those systems for data exfiltration and lateral movement indicators.
Affected products
jscrambler