babel-js

MAL-2026-407

npmmalware1/21/2026
Description

Malicious code in babel-js (npm)

Indicators of Compromise
SHA256 Hashes (3)
971a7cbc4a8fb219a47c89b6aa15c980a6d562786f2800c575eb250f53e229e1
8e9ff5d2308ea7b49b6fbf0f4e49dd88fe66d82523ae39b56d2c8ce3747e64c7
5f2e505b015b4ce90eef46bd1889b3c72657d3ec475c9c69456f3cba12d2a571
References (2)
https://github.com/advisories/GHSA-qg2h-qpcj-f7c2OSVhttps://www.veracode.com/blog/54-new-npm-packages-found-beaconing-to-c2-server-in-ethereum-smart-contractOSV
Details
Ecosystemnpm
Attack Typemalware
Published1/21/2026
Affected Versions
0
Aliases
GHSA-qg2h-qpcj-f7c2
Quick Actions
All Incidentsnpm Incidents
Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives
PoC for every finding
30+ tools orchestrated
Book a DemoLearn More
Setup in 5 minutesSOC 2 & ISO 27001