Which versions of babel-plugin-standalone are malicious?

The following npm versions of babel-plugin-standalone are flagged malicious: 4.1.0, 4.2.0, 5.2.0. Treat any of these as compromised.

How do I remediate babel-plugin-standalone if I installed it?

Remove babel-plugin-standalone from your project and lockfile, then assume any secrets accessible to the build or runtime were exposed: rotate API keys, tokens, and credentials, and audit for unexpected outbound activity or persistence.

I already installed babel-plugin-standalone — how do I know if it already compromised me?

If babel-plugin-standalone was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

Is babel-plugin-standalone part of a known attack campaign?

Yes — babel-plugin-standalone is associated with the GHSA-3q93-fg6q-g42q campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

How do I find babel-plugin-standalone across my projects, lockfiles, and CI pipelines?

Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for babel-plugin-standalone (3 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging babel-plugin-standalone across your stack and pipelines.

Malicious package

babel-plugin-standalonenpm

Malicious code in babel-plugin-standalone (npm) Remove it immediately and rotate any exposed credentials.

MAL-2025-191491

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

npm uninstall babel-plugin-standalone

What this malware does

The package babel-plugin-standalone was found to contain malicious code.

Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

The OpenSSF Package Analysis project identified 'babel-plugin-standalone' @ 4.2.0 (npm) as malicious.

It is considered malicious because:

The package communicates with a domain associated with malicious activity.
The package executes one or more commands associated with malicious behavior.

Malicious versions

3 flagged

4.1.04.2.05.2.0

Indicators of compromise (SHA-256)

06d7a81159d5872691b608f5f15001bbdf38500c7bebf3bb2d184cd0219609da

de3e1a007454664680a7aa5b48a5747c37e5a875841a690560a1e4e8d0635507

fc044f05aa9236de282d7dd34b9fb81a57a3ce7e30497bd2241e6d8d54f487a8

0b4d55e36c2dc9ae1b9f1be19b7df14b24b6911fd72498d6d336565a94cea59f

9c0c0a73e5041cb8de616f725c2e39f26c691fda78a486097f45d57de405d8da

Detection & response playbook

Malicious package

Find it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for babel-plugin-standalone (3 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging babel-plugin-standalone across your stack and pipelines.
If you installed it — respond
Remove babel-plugin-standalone from your project and lockfile, then assume any secrets accessible to the build or runtime were exposed: rotate API keys, tokens, and credentials, and audit for unexpected outbound activity or persistence.
Did it already run?
If babel-plugin-standalone was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
How O3 protects you
O3 blocks babel-plugin-standalone before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. babel-plugin-standalone on npm has been identified as a malicious package (versions 4.1.0, 4.2.0, 5.2.0 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

GHSA-3q93-fg6q-g42q

References

github.com

Credits

Amazon Inspector · finder
OpenSSF: Package Analysis · finder

Detect & block this

O3 blocks babel-plugin-standalone-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the malicious outbound activity and severs the channel.

Malware detection Runtime egress monitoring