Jscrambler hit by network compromise
Incident
Summary
Hide ▲
Show ▼
The Jscrambler npm package suffered an unauthorized publication of a malicious version that exposed developers to infostealer theft risk. The bad release stayed live for two hours and was downloaded 1,479 times, widening the blast radius to secrets, cloud credentials, and wallet data. Jscrambler said the incident stemmed from compromised npm publishing credentials, then revoked access, deprecated the package, and released 8.22.
Related Happenings
Jscrambler 8.14.0 malicious preinstall infostealer release
Malware Activity
H score9
First: 11.07.2026 20:59
Last: 11.07.2026 20:59
Sources 1
How related:
The malicious Jscrambler package spanned releases 8.14, 8.16, 8.17, and 8.20 and included information-stealing malware that executed during the ‘preinstall’ hook.
About this happening:
The **jscrambler 8.14.0** npm release now ships a **malicious preinstall hook** that runs a **Rust infostealer** during install, putting **developer and CI secrets** at risk on **...
Jscrambler 8.14.0 malicious preinstall infostealer release
Malware ActivityHow related: The malicious Jscrambler package spanned releases 8.14, 8.16, 8.17, and 8.20 and included information-stealing malware that executed during the ‘preinstall’ hook.
About this happening: The **jscrambler 8.14.0** npm release now ships a **malicious preinstall hook** that runs a **Rust infostealer** during install, putting **developer and CI secrets** at risk on **...
Injective Labs SDK project GitHub repository hit by network compromise
Incident
H score21
First: 09.07.2026 23:10
Last: 09.07.2026 23:10
Sources 1
About this happening:
The **Injective Labs SDK** project suffered a **GitHub repository compromise** that let attackers publish a malicious **@injectivelabs/sdk-ts v1.20.21** package, putting developer...
Injective Labs SDK project GitHub repository hit by network compromise
IncidentAbout this happening: The **Injective Labs SDK** project suffered a **GitHub repository compromise** that let attackers publish a malicious **@injectivelabs/sdk-ts v1.20.21** package, putting developer...
Mini Shai-Hulud / Miasma / Hades multi-ecosystem supply-chain malware activity
Malware Activity
H score36
First: 26.06.2026 14:05
Last: 26.06.2026 14:05
Sources 1
About this happening:
The **Mini Shai-Hulud / Miasma / Hades** malware activity added **malicious npm releases**, **GitHub Actions workflow abuse**, and a related **Go module compromise**, increasing t...
Mini Shai-Hulud / Miasma / Hades multi-ecosystem supply-chain malware activity
Malware ActivityAbout this happening: The **Mini Shai-Hulud / Miasma / Hades** malware activity added **malicious npm releases**, **GitHub Actions workflow abuse**, and a related **Go module compromise**, increasing t...
Easy-day-js Mastra package-publishing campaign
Campaign
H score30
First: 17.06.2026 10:38
Last: 17.06.2026 10:38
Sources 1
About this happening:
The **easy-day-js** campaign mass-published more than **140 malicious npm packages** across the **@mastra/*** namespace, creating broad supply-chain exposure for developers and bu...
Easy-day-js Mastra package-publishing campaign
CampaignAbout this happening: The **easy-day-js** campaign mass-published more than **140 malicious npm packages** across the **@mastra/*** namespace, creating broad supply-chain exposure for developers and bu...
Mastra @mastra/* npm packages hit by network compromise
Incident
H score47
First: 17.06.2026 10:38
Last: 17.06.2026 10:38
Sources 1
About this happening:
**Mastra** @mastra/* npm packages were **compromised** in a **software supply chain attack** that spread through the namespace on **2026-06-17**. Microsoft now attributes the acti...
Mastra @mastra/* npm packages hit by network compromise
IncidentAbout this happening: **Mastra** @mastra/* npm packages were **compromised** in a **software supply chain attack** that spread through the namespace on **2026-06-17**. Microsoft now attributes the acti...
Latest development: 20.06.2026 17:09
Microsoft attributed the Mastra AI supply chain attack to Sapphire Sleet, also known as BlueNoroff, and said the attackers compromised the npm maintainer account ehindero, which had publishing privileges across the Mastra package environment. The June 19 update said more than 140 packages in the @mastra scope were modified to inject easy-day-js.
Timeline
-
13.07.2026 22:44 2 articles · 4h ago
Jscrambler discloses malicious npm package publication
Initial DisclosureJscrambler disclosed that a threat actor unauthorizedly published a malicious version of its jscrambler npm package used with Code Integrity, and the bad releases 8.14, 8.16, 8.17, and 8.20 executed information-stealing malware during the preinstall hook. The package stayed live for two hours, was downloaded 1,479 times, and Socket detected and analyzed the compromise. Jscrambler said the issue was limited to that package and did not affect other products such as Webpage Integrity, revoked compromised npm publishing credentials, deprecated the affected package and four dependent Jscrambler packages, released safe version 8.22, and added additional publishing-pipeline security controls.
Show sources
- Hackers backdoor Jscrambler npm package with infostealer malware — www.bleepingcomputer.com — 13.07.2026 22:44
- Hackers backdoor Jscrambler npm package with infostealer malware — www.bleepingcomputer.com — 13.07.2026 22:44