Home / Companies / Socket / Blog / Post Details
Content Deep Dive

jscrambler npm Package Compromised in Supply Chain Attack

Blog post from Socket

Post Details
Company
Date Published
Author
Socket Research Team
Word Count
1,588
Company Posts That Month
11
Language
English
Hacker News Points
-
Post removed?
No
Summary

A compromised version of the jscrambler npm package, specifically release 8.14.0, introduced hidden native binaries that execute automatically during installation, posing a supply chain attack risk. Published on July 11, this malicious release added a preinstall hook to execute setup.js, and included new platform-specific binaries for Linux, macOS, and Windows embedded in an obfuscated container, which were not present in the previous version 8.13.0. The attack was detected by Socket within six minutes of publication, highlighting the potential exposure to user workstations, automated build systems, and CI environments, as the package is widely used to integrate Jscrambler's JavaScript protection tools into application builds. Subsequent malicious releases 8.16.0, 8.17.0, and 8.18.0 changed the delivery method to evade detection by eliminating the preinstall hook and embedding the payload in self-executing functions. Jscrambler has responded by revoking compromised credentials, deprecating affected releases, and enhancing their publishing process controls, while users are advised to upgrade to the secure 8.22.0 version and audit any systems that may have installed the compromised versions.

Trends Found in this Post

No tracked trend matches for this post yet.

Use This Data

Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.