Malicious code in transform-es2015-parameters (npm)

The package 'transform-es2015-parameters' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

Malicious code in transform-es2015-duplicate-keys (npm)

The package 'transform-es2015-duplicate-keys' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

MAL-2026-1563 Malicious code in transform-es2015-shorthand-properties (npm)

The package 'transform-es2015-shorthand-properties' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2...

Malicious code in transform-es2015-spread (npm)

The package 'transform-es2015-spread' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

MAL-2026-1562 Malicious code in transform-es2015-parameters (npm)

The package 'transform-es2015-parameters' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

MAL-2026-1564 Malicious code in transform-es2015-spread (npm)

The package 'transform-es2015-spread' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

MAL-2026-1561 Malicious code in transform-es2015-duplicate-keys (npm)

The package 'transform-es2015-duplicate-keys' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

MAL-2026-664 Malicious code in transform-es2015-modules-amd (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f874dbbcc1f45c4afb0b3b6eba5bab0a03a8f0f2749b4ad737ce8562bbd1f3b The package transform-es2015-modules-amd was found to contain malicious code. Source: ghsa-malware...

Malicious code in transform-es2015-modules-amd (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f874dbbcc1f45c4afb0b3b6eba5bab0a03a8f0f2749b4ad737ce8562bbd1f3b The package transform-es2015-modules-amd was found to contain malicious code. Source: ghsa-malware...

Malicious code in transform-es2015-block-scoping (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4e96489b1847106951744b2eb46d3c771d38406ff77d148fa97dd349910a934c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview transform-es2015-block-scoping is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and thi...

MAL-2025-49047 Malicious code in transform-es2015-modules-commonjs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b2ad9d3d189297373f163d4e6bba02fc712b67f335bc6a6bab2ebfcf16cba487 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

EUVD-2025-36759

Malicious code in transform-es2015-modules-commonjs npm...

MAL-2022-1415 Malicious code in babel-pzugin-transform-es2015-modues-commonjs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f487dcb86915ec1bb46550b2f2a4b5cc2d0deb6cdabc7fb8b3ca164467e27876 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-1420 Malicious code in babelllugintransformes2015modulescommonjs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 85a16e3db18168e71a2eeec8f9190a55ae782642089ef8b41719535a6a434a82 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...