
Research
/Security News
jscrambler npm Package Compromised in Supply Chain Attack
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
@babel/helpers
Advanced tools
Collection of helper functions used by Babel transforms.
See our website @babel/helpers for more information.
Using npm:
npm install --save-dev @babel/helpers
or using yarn:
yarn add @babel/helpers --dev
Similar to @babel/helpers, core-js is a modular standard library for JavaScript, including polyfills for ECMAScript up to 2021. While @babel/helpers provides functions to support the transformation process, core-js focuses on polyfilling new JavaScript features for older environments.
This package provides runtime support for generators and async functions, similar to how @babel/helpers supports various syntax transformations. It's often used in conjunction with Babel for projects that use generators or async/await syntax to ensure compatibility with older environments.
FAQs
Collection of helper functions used by Babel transforms.
The npm package @babel/helpers receives a total of 133,941,284 weekly downloads. As such, @babel/helpers popularity was classified as popular.
We found that @babel/helpers demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.