PkgRadar

npm · registry.npmjs.org

jscrambler

Large Javascript Payload

Early detection

PkgRadar flagged this 6h before public disclosure

Detected 2026-07-11 · disclosed as MAL-2026-10187 on 2026-07-11

Scanned versions

VersionVerdictScoreScanned (UTC)
8.20.0High risk02026-07-12
8.22.0Low risk02026-07-11
8.18.0Low risk02026-07-11
8.17.0Review12026-07-11
8.16.0High risk452026-07-11
8.15.0Low risk02026-07-11
8.14.0High risk452026-07-11
8.13.0Low risk02026-06-30
8.12.0Low risk02026-06-15
8.11.1Low risk02026-06-11
8.11.2Low risk02026-06-11
8.12.0-next.0Low risk02026-06-11
8.11.3Low risk02026-06-11

Block this in CI

PkgRadar gates jscrambler (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]
jscrambler — npm malware advisory | PkgRadar