Malicious Jscrambler npm package stole developer secrets for two hours before takedown
A poisoned release of the Jscrambler npm package was downloaded almost 1,500 times, scooping up cloud keys, wallet seed phrases and browser credentials before the company pulled it.

Key points
- Jscrambler confirmed on Saturday that a malicious version of its npm package (used by developers to protect JavaScript code) was published without authorisation.
- The bad releases (versions 8.14, 8.16, 8.17 and 8.20) were live for two hours and were downloaded 1,479 times before being replaced by a clean version 8.22.
- The hidden malware harvested source code, cloud keys, Git and SSH credentials, cryptocurrency wallet data and browser cookies.
- Jscrambler says the attackers got in with stolen npm publishing credentials, which have now been revoked.
- Any developer who installed the tainted package should treat their machine as broken into and rotate every secret it touched.
Jscrambler, a company that sells tools to stop attackers tampering with JavaScript in websites and mobile apps, has confirmed that criminals published a booby-trapped version of its own software library over the weekend.
The library sits on npm, the public repository where JavaScript developers download code building blocks. Jscrambler's package pulls in around 17,000 downloads a week.
For roughly two hours on Saturday, the version listed there was not the real one.
What did the malicious package actually do?
It ran an information stealer the moment a developer installed it. The malware fired during the preinstall step, which is code that runs automatically before the package is even set up, meaning victims did not need to do anything beyond typing npm install.
Application-security firm Socket, which spotted the compromise and pulled apart the code, says the stealer went after a wide sweep of sensitive material:
- Source code and project files.
- Developer credentials: Git tokens, SSH keys, environment variables and continuous-integration secrets.
- Cloud account keys for AWS, Azure, Google Cloud and Kubernetes.
- Configuration files from AI coding assistants including Claude, Cursor, Windsurf, VS Code and Zed.
- Cryptocurrency wallets and seed phrases from MetaMask, Phantom, Coinbase, Exodus and Trust Wallet.
- Browser cookies and saved passwords.
- Data from Slack, Discord and Telegram.
Socket's researchers noted that each malicious string in the code was individually encrypted using ChaCha20-Poly1305, a strong encryption algorithm. That made the payload harder to spot and slower to analyse.
The compromise was first reported by BleepingComputer.
How did the hackers get in?
Jscrambler says the attackers had valid npm publishing credentials. In plain English: someone got hold of the login details used to push new versions of the package to the public registry, and used them to upload the poisoned build as if it were legitimate.
Those credentials have now been revoked. The company says it has added extra controls to its publishing pipeline, though it has not detailed them publicly.
Four other Jscrambler packages that depended on the affected library have also been deprecated and replaced.
"This incident was limited to that package and did not affect any other Jscrambler products, including Webpage Integrity," the company said in its notice.
What should affected developers do?
If you installed jscrambler versions 8.14, 8.16, 8.17 or 8.20 between the publication and takedown window on Saturday, assume every secret on that machine is now in criminal hands.
That means: rotate cloud access keys, regenerate Git and SSH tokens, invalidate active session cookies, move any crypto held in hot wallets to fresh addresses with new seed phrases, and re-issue CI/CD tokens. Restore the affected workstations from a clean backup rather than trying to disinfect them.
Then upgrade to jscrambler 8.22 or later.
Supply-chain attacks on npm are not new, and they keep working because a single stolen maintainer login can reach thousands of downstream developers in minutes. This one was caught inside two hours. Not every one is.



