Malicious code in transform-react-jsx (npm)

The package 'transform-react-jsx' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

MAL-2026-1508 Malicious code in transform-react-jsx (npm)

The package 'transform-react-jsx' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

EUVD-2025-36746

Malicious code in transform-react-jsx-source npm...

MAL-2025-49050 Malicious code in transform-react-jsx-source (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fd1c3c75a248290b6685831711ef1fa1ec32244ea7ab218a36c42a6b5163e560 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview transform-react-jsx-source is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

MAL-2022-1435 Malicious code in babelpugintransformreactjsx (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3c5382dcc5be3a730f882330e09a06e62a180f32a8cb289d9f1dcd438ca6e2d6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in babelpugintransformreactjsx (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3c5382dcc5be3a730f882330e09a06e62a180f32a8cb289d9f1dcd438ca6e2d6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

be-iq_shared-styled-components (=0.0.26) potentially affected by unknown CVE via plugin-transform-react-jsx (=0.0.1-security)

plugin-transform-react-jsx NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on plugin-transform-react-jsx and may be impacted: - be-iqshared-styled-components =0.0.26 Source cves: unknown CVE Source advisory: OSV:MAL-2022-5373...

MAL-2022-5373 Malicious code in plugin-transform-react-jsx (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f27c2a663077678179b48cd4851aa8b5aa144a1d4ef1e3bb2cf05526d0b1c7c7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...