![Malicious npm Package Typosquats react-login-page to Deploy Keylogger](https://cdn.sanity.io/images/cgdhsj6q/production/007b21d9cf9e03ae0bb3f577d1bd59b9d715645a-1024x1024.webp?w=400&fit=max&auto=format)
Research
Security News
Malicious npm Package Typosquats react-login-page to Deploy Keylogger
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
@babel/helpers
Advanced tools
Package description
The @babel/helpers package is part of the Babel toolchain, which is primarily used for converting ECMAScript 2015+ code into a backwards compatible version of JavaScript in current and older browsers or environments. This specific package contains a set of functions that are used by Babel's transform plugins to avoid code duplication across generated output. These helpers are small snippets of code that perform common tasks used by the transformations, such as handling classes, spreading properties, etc.
Class handling
This code demonstrates a helper function used by Babel to ensure that a class is only instantiated with the `new` keyword, preventing incorrect usage.
"use strict";\nfunction _classCallCheck(instance, Constructor) { if (!(instance instanceof Constructor)) { throw new TypeError(\"Cannot call a class as a function\"); } }\nvar MyClass = function MyClass() { _classCallCheck(this, MyClass); };
Spread properties
This helper function is used to emulate the behavior of the object spread operator `{...obj}`, allowing properties from one or more source objects to be copied into a new object.
"use strict";\nfunction _extends() { _extends = Object.assign || function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return _extends.apply(this, arguments); }\nvar obj = _extends({}, sourceObj, { key: 'value' });
Similar to @babel/helpers, core-js is a modular standard library for JavaScript, including polyfills for ECMAScript up to 2021. While @babel/helpers provides functions to support the transformation process, core-js focuses on polyfilling new JavaScript features for older environments.
This package provides runtime support for generators and async functions, similar to how @babel/helpers supports various syntax transformations. It's often used in conjunction with Babel for projects that use generators or async/await syntax to ensure compatibility with older environments.
Changelog
v7.23.0 (2023-09-25)
babel-plugin-proposal-import-wasm-source
, babel-plugin-syntax-import-source
, babel-plugin-transform-dynamic-import
import source
for wasm (@nicolo-ribaudo)babel-helper-module-transforms
, babel-helpers
, babel-plugin-proposal-import-defer
, babel-plugin-syntax-import-defer
, babel-plugin-transform-modules-commonjs
, babel-runtime-corejs2
, babel-runtime-corejs3
, babel-runtime
, babel-standalone
import defer
proposal transform support (@nicolo-ribaudo)babel-generator
, babel-parser
, babel-types
import defer
parsing support (@nicolo-ribaudo)babel-generator
, babel-helper-module-transforms
, babel-parser
, babel-plugin-transform-dynamic-import
, babel-plugin-transform-modules-amd
, babel-plugin-transform-modules-commonjs
, babel-plugin-transform-modules-systemjs
, babel-traverse
, babel-types
babel-standalone
babel-helper-function-name
, babel-helper-member-expression-to-functions
, babel-helpers
, babel-parser
, babel-plugin-proposal-destructuring-private
, babel-plugin-proposal-optional-chaining-assign
, babel-plugin-syntax-optional-chaining-assign
, babel-plugin-transform-destructuring
, babel-plugin-transform-optional-chaining
, babel-runtime-corejs2
, babel-runtime-corejs3
, babel-runtime
, babel-standalone
, babel-types
babel-helpers
, babel-plugin-proposal-decorators
babel-traverse
, babel-types
t.buildUndefinedNode
(@liuxingbaoyu)babel-preset-typescript
rewriteImportExtensions
option to TS preset (@nicolo-ribaudo)babel-parser
babel-plugin-transform-block-scoping
transform-block-scoping
captures the variables of the method in the loop (@liuxingbaoyu)babel-traverse
@babel/traverse
(@lorenzoferre)babel-plugin-proposal-explicit-resource-management
using
declarations (@nicolo-ribaudo)babel-core
, babel-helper-module-transforms
, babel-plugin-transform-async-to-generator
, babel-plugin-transform-classes
, babel-plugin-transform-dynamic-import
, babel-plugin-transform-function-name
, babel-plugin-transform-modules-amd
, babel-plugin-transform-modules-commonjs
, babel-plugin-transform-modules-umd
, babel-plugin-transform-parameters
, babel-plugin-transform-react-constant-elements
, babel-plugin-transform-react-inline-elements
, babel-plugin-transform-runtime
, babel-plugin-transform-typescript
, babel-preset-env
exports.XXX =
update in simple variable declarations (@nicolo-ribaudo)Readme
Collection of helper functions used by Babel transforms.
See our website @babel/helpers for more information.
Using npm:
npm install --save-dev @babel/helpers
or using yarn:
yarn add @babel/helpers --dev
FAQs
Unknown package
We found that @babel/helpers demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
Security News
The JavaScript community has launched the e18e initiative to improve ecosystem performance by cleaning up dependency trees, speeding up critical parts of the ecosystem, and documenting lighter alternatives to established tools.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.