jscrambler npm Package Compromised in Supply Chain Attack
Blog post from Socket
A compromised version of the jscrambler npm package, specifically release 8.14.0, introduced hidden native binaries that execute automatically during installation, posing a supply chain attack risk. Published on July 11, this malicious release added a preinstall hook to execute setup.js, and included new platform-specific binaries for Linux, macOS, and Windows embedded in an obfuscated container, which were not present in the previous version 8.13.0. The attack was detected by Socket within six minutes of publication, highlighting the potential exposure to user workstations, automated build systems, and CI environments, as the package is widely used to integrate Jscrambler's JavaScript protection tools into application builds. Subsequent malicious releases 8.16.0, 8.17.0, and 8.18.0 changed the delivery method to evade detection by eliminating the preinstall hook and embedding the payload in self-executing functions. Jscrambler has responded by revoking compromised credentials, deprecating affected releases, and enhancing their publishing process controls, while users are advised to upgrade to the secure 8.22.0 version and audit any systems that may have installed the compromised versions.
No tracked trend matches for this post yet.
Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.