Malicious Jscrambler NPM package versions distributed a cross-platform credential stealer in a new supply chain attack.