by throw21378912 720 days ago
This appears to be using a version of Babel that allows ACE, FYI.

@babel/traverse <7.23.2

https://github.com/advisories/GHSA-67hx-6x53-jw92

1 comment

> Users that only compile trusted code are not impacted.

Doesn't Babel typically only compile your source code, and not what's in node_modules? I guess it depends if you're compiling single files, leaving import statements as they are; or creating a single bundle for the browser that includes external dependencies. For the latter, I imagine there's a chance some malicious package could exploit this.
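
Added example (not part of the thread or of Babel's own code): one way to check whether a project resolves any copy of `@babel/traverse` below the fixed release named in the post, including copies nested under other dependencies. It assumes an npm `package-lock.json` with lockfileVersion 2 or 3, checks only the `<7.23.2` range quoted above, and uses a constructed sample lockfile; the function names are hypothetical.

```javascript
// First fixed release, taken from the "<7.23.2" range quoted in the post.
const FIXED = "7.23.2";

// Compare the numeric major.minor.patch core of two versions.
// Assumption: prerelease tags (e.g. "-beta.1") are ignored.
function isBelow(version, fixed) {
  const a = version.split("-")[0].split(".").map(Number);
  const b = fixed.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const x = a[i] || 0;
    const y = b[i] || 0;
    if (x !== y) return x < y;
  }
  return false; // equal versions are not below the fix
}

// lock: a parsed package-lock.json object with a "packages" map.
function findVulnerableTraverse(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Nested copies appear as node_modules/<dep>/node_modules/@babel/traverse,
    // so match on the path suffix rather than only the top-level entry.
    if (!path.endsWith("node_modules/@babel/traverse")) continue;
    if (meta.version && isBelow(meta.version, FIXED)) {
      hits.push({ path, version: meta.version, dev: Boolean(meta.dev) });
    }
  }
  return hits;
}

// Constructed sample lockfile: the top-level copy is patched,
// but a hypothetical dependency pins an older nested copy.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/@babel/core": { version: "7.23.2", dev: true },
    "node_modules/@babel/traverse": { version: "7.23.2", dev: true },
    "node_modules/legacy-plugin/node_modules/@babel/traverse": {
      version: "7.22.8",
      dev: true,
    },
  },
};

console.log(findVulnerableTraverse(sampleLock));
```

For a real project, pass the result of `JSON.parse` on the contents of `package-lock.json` instead of `sampleLock`.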