Threat IntelligenceBooby-trapped jscrambler npm release runs infostealer the moment you install it
Version 8.14.0 of a popular JavaScript protection package shipped with a hidden payload that fires during install, no code changes required from the developer.