Table of contents
At a Glance
Affected package: jscrambler
Affected products: Code Integrity
Affected versions: 8.14/8.16/8.17/8.20
Safe version: 8.22
Time of publication: 11 July 2026, 16:12:40 BST (London) / 11:12:40 EDT (US Eastern)
Status: Deprecated and no longer available through normal npm dependency resolution.
Known downloads: npm currently reports 0 downloads of the affected version, but it often takes hours for this stat to be fully updated. We are independently verifying this information as part of our ongoing investigation.
Recommended action: Do not install the affected version. If you have already installed it, remove it immediately and upgrade to a safe version (8.22 or later).
Investigation status: Ongoing.
Today, we identified the unauthorized publication of a malicious version of our jscrambler npm package, which is used with our Code Integrity product. This incident was limited to that package and did not affect any other Jscrambler products, including Webpage Integrity.
The published package contained malware that executed during the npm preinstall lifecycle hook. As soon as we became aware of the unauthorized publication, we activated our incident response process and immediately took steps to contain the issue.
The unauthorized publication occurred at 16:12:40 London Time (11:12:40 EDT). The publication itself immediately triggered unexpected notifications to our package maintainers, allowing us to detect the incident within seconds and begin our response without delay.
The malicious version was immediately deprecated to prevent further installations through normal npm dependency resolution. At the time of writing, npm still reports zero downloads of the affected version, and we are independently verifying this information as part of our ongoing investigation.
Our investigation indicates that the attacker was able to publish the package using an npm publishing credential. We have revoked and rotated all relevant credentials, passwords, and secrets, and have implemented additional security controls around our publishing process while the investigation continues.
Our response has included:
Immediate deprecation of the malicious package version.
Revocation and rotation of publishing credentials.
Rotation of related secrets and passwords.
Additional hardening of our package publishing pipeline.
A full forensic investigation to determine the root cause and confirm the scope of the incident.
At this time, our investigation is ongoing. We are working to establish the complete sequence of events and verify whether any systems beyond the package publication process were affected.
We will continue to update this advisory as additional verified information becomes available.
We sincerely apologize for this incident. Protecting our users and maintaining the integrity of our software distribution process are responsibilities we take extremely seriously, and we are committed to being transparent throughout this investigation.