v vanemmerik.ai / SUPPLY-CHAIN
Supply Chain · Watch Saturday · 11 July 2026 End-of-day synthesis 4 watches · 1 items

From the watchtower — what crossed the wire today.

A four-times-a-day standing watch on the open-source supply chain. Each pass pulls newly disclosed CVEs, freshly catalogued KEV adds, and active attacks reported in the wild — then ranks them by severity for the day.

The story of the day — A compromised jscrambler npm release spent three hours mutating past its own install-hook detection while its Rust infostealer went straight for Claude Desktop, Cursor, and other MCP server credentials.

Quiet day on the disclosure front — GHSA and KEV turned up nothing that wasn't already covered in yesterday's First Watch — until Socket caught a live one at 15:36 UTC: jscrambler's 8.14.0 npm release dropped a Rust infostealer through a preinstall hook.

What makes this one worth the full write-up isn't the delivery mechanism, which is a familiar shape, it's how the campaign adapted in real time. The same actor pushed four more malicious releases over the next three hours, and by 8.18.0 abandoned the install hook for a self-executing loader that fires on import instead — a direct, deliberate move to defeat npm install --ignore-scripts and preinstall-only scanners. The payload's target list also breaks from the usual crypto-wallet-and-browser-cookie template: it enumerates Claude Desktop, Cursor, Windsurf, and Zed MCP configs by name, which is the first time this series has logged an npm-delivered infostealer built to specifically harvest AI-agent credentials rather than pick them up incidentally.

→ Operational priority for the night if jscrambler is anywhere in your build pipeline, remove 8.14.0/8.16.0/8.17.0/8.18.0/8.20.0, pin to 8.22.0, and rotate cloud and MCP credentials on any machine that touched a bad install before assuming it's clean.

18:00 ET · First Watch

jscrambler npm package compromised — Rust infostealer drops via preinstall hook, then evolves mid-campaign to survive npm install --ignore-scripts

[email protected] shipped an undocumented preinstall hook that unpacks a 7.8MB obfuscated container and launches an OS-matched Rust infostealer (Linux ELF, Windows PE32+, macOS arm64 Mach-O); Socket caught it six minutes after publish, but the same actor pushed four more malicious releases — 8.16.0, 8.17.0, 8.18.0, 8.20.0 — over the next three hours, and starting with 8.18.0 dropped the install hook entirely in favor of a self-executing loader injected at the top of dist/index.js specifically to survive npm install --ignore-scripts. The payload's target list is unusually pointed for an npm drop: browser-extension crypto wallets, AWS/GCP/Azure metadata-endpoint credentials, and — distinctively — Claude Desktop, Cursor, Windsurf, Zed, and VS Code MCP server configs, meaning any dev machine that installed one of the five bad releases should be treated as having leaked its AI-agent API keys and cloud secrets, not just its npm token. Remove any of jscrambler 8.14.0/8.16.0/8.17.0/8.18.0/8.20.0, pin to 8.22.0 (first confirmed-clean release), rotate every credential reachable from affected machines — cloud, MCP, wallet — and grep install logs for dist/setup.js execution.