The jscrambler npm package was compromised, and simply installing its 8.14.0 release runs an infostealer on your machine. Published on July 11, 2026, the malicious version carries a preinstall hook that drops and executes a native binary, one build each for Windows, macOS, and Linux. Socket flagged the release six minutes after it was published. If you or one of your
UPVOTERS
Community appreciation
See who found this content valuable and showed their support.
No upvotes yet.
Be the first to show your appreciation for this content.
TOPICS
Explore the same topics
Discover more content from the topics this post is mapped to.
Keep browsing
Explore more from this topic
Dive into the full feed of curated posts covering Cybersecurity & Data Protection.
Discussion
Your thoughts matter!
Your input is valuable—be the first to share it!