
Research
PyPI Package Disguised as Instagram Growth Tool Harvests User Credentials
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
babel-plugin-syntax-dynamic-import
Advanced tools
The babel-plugin-syntax-dynamic-import package allows Babel to parse the syntax for dynamic imports. This plugin does not transform the code but enables the parsing of the import() syntax, which is used for dynamically loading modules in JavaScript.
Enable dynamic import syntax
This feature allows the use of the import() function to dynamically load modules. The code sample demonstrates how to use import() to load a module named 'module-name' and handle the loaded module or any errors that occur during the loading process.
import('module-name').then(module => { console.log(module); }).catch(err => { console.error(err); });
The babel-plugin-dynamic-import-node package transforms dynamic imports to use Node's require function. This is useful for server-side rendering or environments where ES modules are not natively supported. Unlike babel-plugin-syntax-dynamic-import, it actually transforms the import() syntax into a require() call.
The babel-plugin-transform-imports package allows for custom transformations of import statements. It can be used to optimize imports by transforming them into more efficient forms. This plugin provides more flexibility compared to babel-plugin-syntax-dynamic-import, which only enables the parsing of dynamic import syntax without transforming it.
Allow parsing of import()
.
$ npm install babel-plugin-syntax-dynamic-import
.babelrc
(Recommended).babelrc
{
"plugins": ["syntax-dynamic-import"]
}
$ babel --plugins syntax-dynamic-import script.js
require("babel-core").transform("code", {
plugins: ["syntax-dynamic-import"]
});
FAQs
Allow parsing of import()
The npm package babel-plugin-syntax-dynamic-import receives a total of 797,916 weekly downloads. As such, babel-plugin-syntax-dynamic-import popularity was classified as popular.
We found that babel-plugin-syntax-dynamic-import demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
Product
Socket now supports pylock.toml, enabling secure, reproducible Python builds with advanced scanning and full alignment with PEP 751's new standard.
Security News
Research
Socket uncovered two npm packages that register hidden HTTP endpoints to delete all files on command.