Compromised jscrambler npm Releases Expose Developer Secrets: What Teams Should Do Now
A compromised release of the `jscrambler` npm package turned a routine dependency install into a credential-theft event. The initial malicious version, `[email protected]`, was published on July 11, 2026, and used an npm lifecycle hook to e...