Malicious code in transform-react-jsx (npm)

The package 'transform-react-jsx' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

MAL-2026-1508 Malicious code in transform-react-jsx (npm)

The package 'transform-react-jsx' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

MAL-2026-666 Malicious code in transform-react-display-name (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad21ba0cb042f576642dd61d0639ac6da6cec5a468ff7b5cf0aab9164667bcb0 The package transform-react-display-name was found to contain malicious code. Source: ghsa-malware...

Malicious Package

Overview transform-react-display-name is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

EUVD-2025-36746

Malicious code in transform-react-jsx-source npm...

MAL-2025-49050 Malicious code in transform-react-jsx-source (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fd1c3c75a248290b6685831711ef1fa1ec32244ea7ab218a36c42a6b5163e560 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview transform-react-jsx-source is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

Malicious code in transform-react-jsx-source (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fd1c3c75a248290b6685831711ef1fa1ec32244ea7ab218a36c42a6b5163e560 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

EUVD-2025-36816

Malicious code in transform-react-remove-prop-types npm...

Malicious code in transform-react-remove-prop-types (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 38145745ad3f626f3b5d35e2d923d4eec412bed8c0e4d5532dadbc5d53e5ff49 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-49051 Malicious code in transform-react-remove-prop-types (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 38145745ad3f626f3b5d35e2d923d4eec412bed8c0e4d5532dadbc5d53e5ff49 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview transform-react-constant-elements is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

Malicious code in transform-react-constant-elements (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5d582d56f1f42a97702c2557fbfdcc90613da53d18adf5494b4f18c555c04398 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

EUVD-2025-36853

Malicious code in transform-react-constant-elements npm...

be-iq_shared-styled-components (=0.0.26) potentially affected by unknown CVE via plugin-transform-react-jsx (=0.0.1-security)

plugin-transform-react-jsx NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on plugin-transform-react-jsx and may be impacted: - be-iqshared-styled-components =0.0.26 Source cves: unknown CVE Source advisory: OSV:MAL-2022-5373...