Storyline

Jscrambler npm packages compromised in supply chain attack deploying infostealer malware

Multiple versions of Jscrambler's npm packages, including version 8.14.0, were compromised in a supply chain attack that injected a malicious preinstall hook.

Published 2026-07-13 17:29 UTCUpdated 2026-07-14 09:04 UTC
Current brief openSource links open
This current storyline is open here with summary, metadata, source links, continuity context, and full evidence. Paid is for compare-over-time, alerts, exports, and workflow.
No card needed for the free brief.
Evidence trail (top sources)
top sources (3 domains)domains are deduped. counts indicate coverage, not truth.
3 top sources shown
Jscrambler npm Breach Exposes Developers to Malware
BankInfoSecurity · News · bankinfosecurity.com · 2026-07-13 21:48 UTC
Overview

Multiple versions of Jscrambler's npm packages, including version 8.14.0, were compromised in a supply chain attack that injected a malicious preinstall hook.

Score total
1.2
Momentum 24h
3
Posts
3
Origins
3
Source types
1
Duplicate ratio
0%
Why now
  • The attack was recently discovered affecting multiple Jscrambler package versions including 8.14.0.
  • Malicious versions were actively released using compromised publishing credentials.
  • Developers using these packages need immediate awareness and remediation steps.
Why it matters
  • Supply chain attacks on npm packages can compromise developer environments and downstream software.
  • Harvested credentials and source code pose risks of further exploitation and intellectual property theft.
  • Evolving malware delivery methods increase difficulty of detection and mitigation.
Continuity snapshot
  • Trend status: insufficient_history.
  • Continuity stage: broad_confirmed.
  • Current status: open.
  • 3 current source-linked posts are attached to this storyline.
All evidence
All evidence
Multiple Jscrambler Packages Impacted by Supply Chain Attack
SecurityWeek · securityweek.com · 2026-07-14 09:04 UTC
Jscrambler npm Breach Exposes Developers to Malware
BankInfoSecurity · bankinfosecurity.com · 2026-07-13 21:48 UTC
Show filters & breakdown
Posts loaded: 0Publishers: 3Origin domains: 3Duplicates: -
Showing 3 / 0
Top publishers (this list)
  • SecurityWeek (1)
  • BankInfoSecurity (1)
  • SC Media (1)
Top origin domains (this list)
  • securityweek.com (1)
  • bankinfosecurity.com (1)
  • scworld.com (1)