Dossier
jscrambler
Coverage of jscrambler in the Nexus archive.
- Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install
The jscrambler 8.14.0 npm package included a malicious preinstall hook that deploys a Rust-based infostealer for Windows, macOS, and Linux during installation. The compromised version was published on July 11, 2026, and automatically executes the malware without requiring additional commands or imports. Security firm Socket detected and flagged the release six minutes after publication.