
Research
/Security News
jscrambler npm Package Compromised in Supply Chain Attack
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
@katasumi/core
Advanced tools
This directory contains database migration files for Katasumi.
Migration files should follow this naming convention:
YYYYMMDD_HHMMSS_description.js
Example: 20260126_221245_initial_schema.js
Each migration file must export two functions:
exports.up = async function up(db) {
// Migration code to apply changes
await db.$executeRawUnsafe(`CREATE TABLE ...`);
};
exports.down = async function down(db) {
// Migration code to revert changes
await db.$executeRawUnsafe(`DROP TABLE ...`);
};
From the monorepo root:
# Run all pending migrations
npm run migrate
# Rollback the last migration
npm run migrate:rollback
# Check migration status
npm run migrate:status
From the core package:
cd packages/core
# Run migrations
DATABASE_URL="file:./database.db" npm run migrate
# For PostgreSQL
DATABASE_URL="postgres://user:password@localhost:5432/db" DB_TYPE=postgres npm run migrate
Both databases use the same migration files, which are written to be compatible with both systems.
FAQs
Core types and database adapters for Katasumi
The npm package @katasumi/core receives a total of 33 weekly downloads. As such, @katasumi/core popularity was classified as not popular.
We found that @katasumi/core demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.