Malicious jscrambler 8.14.0 runs hidden binaries during npm install on Windows, macOS, and Linux, with no fix available as of ...
The jscrambler npm package was compromised, and simply installing its 8.14.0 release runs an infostealer on your machine. Published on July 11, 2026, the malicious version carries a preinstall hook ...