The Hacker NewsSunday · July 12, 2026FREE

Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install

jscramblernpmsupply-chaininfostealerrust

The npm package jscrambler, a JavaScript obfuscation tool, had its version 8.14.0 release compromised. According to The Hacker News, the malicious release drops a Rust-based infostealer during the installation process. The infostealer is designed to exfiltrate sensitive information from the compromised system. The attack vector involves the package's install script executing the malicious payload. Users who installed jscrambler 8.14.0 are affected. The source does not specify the exact data targeted, the distribution mechanism beyond npm, or any remediation steps. The incident highlights the ongoing risk of supply chain attacks via package registries.

// why it matters

Compromised npm packages can lead to credential theft and data breaches in developer environments.

Sources

Primary · The Hacker News
▸ Read original at thehackernews.com

Like this? Get the next digest.

Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install — aigest.dev