
Research
/Security News
Toptal’s GitHub Organization Hijacked: 10 Malicious Packages Published
Threat actors hijacked Toptal’s GitHub org, publishing npm packages with malicious payloads that steal tokens and attempt to wipe victim systems.
core-js-builder
Advanced tools
For some cases could be useful to exclude some core-js
features or generate a polyfill for target engines. This API helps conditionally include or exclude certain parts of core-js
and build for targets. modules
, exclude
and targets
options are specified in the core-js-compat
format.
import builder from 'core-js-builder';
const bundle = await builder({
// entry / module / namespace / an array of them, by default - all `core-js` modules
modules: ['core-js/actual', /^esnext\.reflect\./],
// a blacklist of entries / modules / namespaces, by default - empty list
exclude: [/^es\.math\./, 'es.number.constructor'],
// optional browserslist or core-js-compat format query
targets: '> 0.5%, not dead, ie 9-11',
// shows summary for the bundle, disabled by default
summary: {
// in the console, you could specify required parts or set `true` for enable all of them
console: { size: true, modules: false },
// in the comment in the target file, similarly to `summary.console`
comment: { size: false, modules: true },
},
// output format, 'bundle' by default, can be 'cjs' or 'esm', and in this case
// the result will not be bundled and will contain imports of required modules
format: 'bundle',
// optional target filename, if it's missed a file will not be created
filename: PATH_TO_MY_COREJS_BUNDLE,
});
ℹ️ When using TypeScript, make sure to set esModuleInterop
to true
.
Uint8Array
to / from base64 and hex stage 3 proposal:
Uint8Array.fromHex
and Uint8Array.prototype.{ setFromBase64, toBase64, toHex }
, thanks @brc-ddGet
in Iterator.zipKeyed
, following tc39/proposal-joint-iteration#43Iterator
sequencing stage 2.7 proposal:
Iterator.concat
no longer reuses IteratorResult
object of concatenated iterators, following tc39/proposal-iterator-sequencing#26Iterator
chunking stage 2 proposal:
Iterator.prototype.sliding
Number.prototype.clamp
stage 2 proposal:
clamp
no longer throws an error on NaN
as min
or max
, following tc39/proposal-math-clamp#d2387791c265edf66fbe2455eab919016717ce6fSet.prototype.{ symmetricDifference, union }
detectionIterator
methods/full/{ instance, number/virtual }/clamp
entriesIterator
helpers marked as fixed and updated following the latest spec changes in Safari 26.0Set.prototype.{ difference, symmetricDifference, union }
marked as fixed in Safari 26.0SuppressedError
marked as fixed in FF141Error.isError
marked as fixed in Node 24.3setImmediate
and clearImmediate
marked as available from Deno 2.4Math.sumPrecise
marked as shipped in Bun 1.2.18%TypedArray%.prototype.with
marked as fixed in Bun 1.2.18FAQs
core-js builder
The npm package core-js-builder receives a total of 10,144 weekly downloads. As such, core-js-builder popularity was classified as popular.
We found that core-js-builder demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
Threat actors hijacked Toptal’s GitHub org, publishing npm packages with malicious payloads that steal tokens and attempt to wipe victim systems.
Research
/Security News
Socket researchers investigate 4 malicious npm and PyPI packages with 56,000+ downloads that install surveillance malware.
Security News
The ongoing npm phishing campaign escalates as attackers hijack the popular 'is' package, embedding malware in multiple versions.