CRITICALAdvisoryJul 13, 2026
Action required
Immediately audit npm install logs and package-lock.json files for jscrambler version 8.14.0 across all developer machines and CI environments. Force-rotate all API keys, credentials, and secrets that may have been exposed on affected systems. Scan those systems for data exfiltration and lateral movement indicators.
Affected products
jscrambler
Linked articles