
Research
/Security News
jscrambler npm Package Compromised in Supply Chain Attack
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
@babel/standalone
Advanced tools
Standalone build of Babel for use in non-Node.js environments.
See our website @babel/standalone for more information or the issues associated with this package.
Using npm:
npm install --save-dev @babel/standalone
or using yarn:
yarn add @babel/standalone --dev
TypeScript is a typed superset of JavaScript that compiles to plain JavaScript. It offers type-checking and transpilation from TypeScript to JavaScript. Unlike @babel/standalone, TypeScript focuses on adding static types to JavaScript.
Traceur is a JavaScript.next-to-JavaScript-of-today compiler. It allows you to use features from the latest JavaScript standard (ES6 and beyond) and compiles them to ES5. Traceur is similar to @babel/standalone but is less flexible in terms of plugins and presets.
esbuild is an extremely fast JavaScript bundler and minifier. It supports modern JavaScript and TypeScript syntax and can transpile to older versions of JavaScript. Unlike @babel/standalone, esbuild is designed for speed and efficiency in build processes.
FAQs
Standalone build of Babel for use in non-Node.js environments.
The npm package @babel/standalone receives a total of 647,685 weekly downloads. As such, @babel/standalone popularity was classified as popular.
We found that @babel/standalone demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.