
Research
/Security News
jscrambler npm Package Compromised in Supply Chain Attack
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
Harper is an open-source Node.js performance platform that unifies database, cache, application, and messaging layers into one in-memory process.
Harper is an open-source Node.js unified development platform that fuses database, cache, application, and messaging layers into one in-memory process. With Harper you can build ultra-high-performance services without boilerplate code and scale them horizontally.
Key Features:
Unified Runtime: Database, cache, application logic, and messaging all operate within a single in-memory Node.js process, eliminating external dependencies and reducing latency.
In-Memory Performance: Data and compute share memory space for microsecond-level access times and exceptional throughput under load.
Native Messaging: Built-in publish/subscribe messaging with Websockets and MQTT enables real-time communication between nodes and clients without external brokers.
Developer Simplicity: Annotate your data schema with @export to instantly generate REST APIs. Extend functionality by defining custom endpoints in JavaScript.
Deploy with Harper Fabric for Horizontal Scalability: Distribute workloads across multiple Harper nodes by selecting your regions and latency targets.
npm i -g harper
Get started building Harper applications by following our Learn guide: https://docs.harperdb.io/learn
Harper's open source core accepts contributions from the community! Please read our guidelines before contributing.
Open an issue if you find a bug, or reach out on our Discord if you have questions or want to discuss ideas.
For more information on how to contribute, please see our:
Harper Pro is the source-available distribution of Harper, built on top of this open source harper core. It extends the core with enterprise features including multi-node replication, certificate management, and extended profiling and analytics. It is licensed under the Elastic License 2.0.
HarperDB is our previous name. Earlier in 2025, we rebranded to just "Harper" to reflect our evolution from a database to a full performance platform. The core technology remains the same, but we've expanded our vision to encompass more than just database functionality. Since this repo was created from the existing Harper codebase, you may still see references to the old name "HarperDB" in certain places.
Please review our Security Policy for reporting vulnerabilities.
Please always disclose vulnerabilities privately to security@harperdb.io before making them public.
Harper is available under the Apache-2.0 License. See the LICENSE for the full license text or the License FAQ for more information.
FAQs
Harper is an open-source Node.js performance platform that unifies database, cache, application, and messaging layers into one in-memory process.
The npm package harper receives a total of 23,851 weekly downloads. As such, harper popularity was classified as popular.
We found that harper demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.