babel-plugin-blocks@5.0.0Malicious

Verified

Analysed at: 4/12/26, 3:55 PM

Source: https://registry.npmjs.org/babel-plugin-blocks/-/babel-plugin-blocks-5.0.0.tgz

SHA256: 5a2e6fa4565498970400985d60aab4354ef9dc5d0fd302f402cac0613b30b542

Confidence: High

Summary

Note: This report is updated by a verification record

Malicious package due to data exfiltration via test, preinstall, and preupdate scripts in package.json using wget to send data to webhook.site.

Verification Record

The package is marked as malware by OSV: MAL-2026-2631 with source: ghsa-malware

Details

Note: This report is updated by a verification record

The package is a malware because it contains suspicious scripts in package.json that exfiltrate sensitive information. The test, preinstall, and preupdate scripts all use wget to send the username, current path, and hostname to a remote server (webhook.site). This behavior is indicative of malicious intent.

Summary

Note: This report is updated by a verification record

Malicious package due to data exfiltration via test, preinstall, and preupdate scripts in package.json using wget to send data to webhook.site.

Verification Record

The package is marked as malware by OSV: MAL-2026-2631 with source: ghsa-malware

Details

Note: This report is updated by a verification record

babel-plugin-blocks@5.0.0Malicious

Verified

Analysed at: 4/12/26, 3:55 PM

Source: https://registry.npmjs.org/babel-plugin-blocks/-/babel-plugin-blocks-5.0.0.tgz

SHA256: 5a2e6fa4565498970400985d60aab4354ef9dc5d0fd302f402cac0613b30b542

Confidence: High