
Security News
/Research
Wallet-Draining npm Package Impersonates Nodemailer to Hijack Crypto Transactions
Malicious npm package impersonates Nodemailer and drains wallets by hijacking crypto transactions across multiple blockchains.
@esbuild/win32-arm64
Advanced tools
The Windows ARM 64-bit binary for esbuild, a JavaScript bundler.
The @esbuild/win32-arm64 npm package is a binary package for the esbuild bundler optimized for Windows on ARM64 architectures. Esbuild is a fast JavaScript bundler and minifier. It compiles TypeScript and JavaScript into efficient code that can be executed in the browser or on Node.js. This package specifically targets the Windows ARM64 platform, providing native performance improvements.
JavaScript and TypeScript bundling
This feature allows you to bundle multiple JavaScript or TypeScript files into a single file. The code sample demonstrates how to bundle an entry file named 'app.js' into an output file named 'out.js'.
require('esbuild').build({
entryPoints: ['app.js'],
bundle: true,
outfile: 'out.js'
}).catch(() => process.exit(1))
Minification
This feature enables the minification of JavaScript files to reduce their size for production. The code sample shows how to minify an entry file 'app.js' into a smaller output file 'out.js'.
require('esbuild').build({
entryPoints: ['app.js'],
minify: true,
outfile: 'out.js'
}).catch(() => process.exit(1))
Transpiling
This feature allows for the transpilation of TypeScript files into JavaScript, making it possible to use TypeScript in environments that only support JavaScript. The code sample demonstrates transpiling a TypeScript file 'app.ts' into a JavaScript file 'out.js'.
require('esbuild').build({
entryPoints: ['app.ts'],
loader: { '.ts': 'ts' },
outfile: 'out.js'
}).catch(() => process.exit(1))
Webpack is a popular JavaScript module bundler with a rich ecosystem of plugins and loaders. It offers similar functionality to esbuild, such as bundling, minification, and transpilation. However, esbuild is known for its speed, often being significantly faster than Webpack, especially for larger projects.
Rollup is another module bundler for JavaScript which focuses on producing smaller bundles by eliminating unused code. It is similar to esbuild in terms of its bundling capabilities and support for plugins. While Rollup is generally faster than Webpack, esbuild typically outperforms Rollup in terms of build speed.
Parcel is a web application bundler that offers out-of-the-box support for many web development languages and frameworks, with zero configuration required. It provides similar functionalities to esbuild, including fast bundling and built-in support for various file types. Parcel is known for its ease of use, but esbuild usually has a performance advantage.
This is the Windows ARM 64-bit binary for esbuild, a JavaScript bundler and minifier. See https://github.com/evanw/esbuild for details.
0.25.9
Better support building projects that use Yarn on Windows (#3131, #3663)
With this release, you can now use esbuild to bundle projects that use Yarn Plug'n'Play on Windows on drives other than the C:
drive. The problem was as follows:
C:
driveD:
drive../..
to get from the project directory to the cache directory..
(so D:\..
is just D:
)Yarn works around this edge case by pretending Windows-style paths beginning with C:\
are actually Unix-style paths beginning with /C:/
, so the ../..
path segments are able to navigate across drives inside Yarn's implementation. This was broken for a long time in esbuild but I finally got access to a Windows machine and was able to debug and fix this edge case. So you should now be able to bundle these projects with esbuild.
Preserve parentheses around function expressions (#4252)
The V8 JavaScript VM uses parentheses around function expressions as an optimization hint to immediately compile the function. Otherwise the function would be lazily-compiled, which has additional overhead if that function is always called immediately as lazy compilation involves parsing the function twice. You can read V8's blog post about this for more details.
Previously esbuild did not represent parentheses around functions in the AST so they were lost during compilation. With this change, esbuild will now preserve parentheses around function expressions when they are present in the original source code. This means these optimization hints will not be lost when bundling with esbuild. In addition, esbuild will now automatically add this optimization hint to immediately-invoked function expressions. Here's an example:
// Original code
const fn0 = () => 0
const fn1 = (() => 1)
console.log(fn0, function() { return fn1() }())
// Old output
const fn0 = () => 0;
const fn1 = () => 1;
console.log(fn0, function() {
return fn1();
}());
// New output
const fn0 = () => 0;
const fn1 = (() => 1);
console.log(fn0, (function() {
return fn1();
})());
Note that you do not want to wrap all function expressions in parentheses. This optimization hint should only be used for functions that are called on initial load. Using this hint for functions that are not called on initial load will unnecessarily delay the initial load. Again, see V8's blog post linked above for details.
Update Go from 1.23.10 to 1.23.12 (#4257, #4258)
This should have no effect on existing code as this version change does not change Go's operating system support. It may remove certain false positive reports (specifically CVE-2025-4674 and CVE-2025-47907) from vulnerability scanners that only detect which version of the Go compiler esbuild uses.
FAQs
The Windows ARM 64-bit binary for esbuild, a JavaScript bundler.
The npm package @esbuild/win32-arm64 receives a total of 5,650,090 weekly downloads. As such, @esbuild/win32-arm64 popularity was classified as popular.
We found that @esbuild/win32-arm64 demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
/Research
Malicious npm package impersonates Nodemailer and drains wallets by hijacking crypto transactions across multiple blockchains.
Security News
This episode explores the hard problem of reachability analysis, from static analysis limits to handling dynamic languages and massive dependency trees.
Security News
/Research
Malicious Nx npm versions stole secrets and wallet info using AI CLI tools; Socket’s AI scanner detected the supply chain attack and flagged the malware.