Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@gd-uikit/babel-preset-react-app
Advanced tools
This package includes the Babel preset used by Create React App.
Please refer to its documentation:
The easiest way to use this configuration is with Create React App, which includes it by default. You don’t need to install it separately in Create React App projects.
If you want to use this Babel preset in a project not built with Create React App, you can install it with the following steps.
First, install Babel.
Then install babel-preset-react-app.
npm install babel-preset-react-app --save-dev
Then create a file named .babelrc
with following contents in the root folder of your project:
{
"presets": ["react-app"]
}
This preset uses the useBuiltIns
option with transform-object-rest-spread and transform-react-jsx, which assumes that Object.assign
is available or polyfilled.
Make sure you have a .flowconfig
file at the root directory. You can also use the flow
option on .babelrc
:
{
"presets": [["react-app", { "flow": true, "typescript": false }]]
}
Make sure you have a tsconfig.json
file at the root directory. You can also use the typescript
option on .babelrc
:
{
"presets": [["react-app", { "flow": false, "typescript": true }]]
}
Absolute paths are enabled by default for imports. To use relative paths instead, set the absoluteRuntime
option in .babelrc
to false
:
{
"presets": [["react-app", { "absoluteRuntime": false }]]
}
FAQs
Babel preset used by Create React App
The npm package @gd-uikit/babel-preset-react-app receives a total of 0 weekly downloads. As such, @gd-uikit/babel-preset-react-app popularity was classified as not popular.
We found that @gd-uikit/babel-preset-react-app demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 8 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.