12:02
2026-07-12
dev.to
ai-safety
How a preinstall hook silently ran malware on npm install
A malicious version of the npm package jscrambler used a preinstall hook to deploy a Rust infostealer on developer machines. The attack targeted browser credentials, crypto wallets, and Bitwarden vaul…