writes a user. Note, Facebook's Create React App may not be the only prominent application to be impacted by the new dependency version. Npm project @wordpress/scripts is also reportedly breaking.

Open-source framework wraps React and CSS and provides a catalog of components and a theme system for composing user interfaces declaratively with XML.

The malicious packages targeted users of some of the largest ecosystems for JavaScript developers, including React, Vue, and Vite. The specific packages were: js-bomb js-hood vite-plugin-bomb-extend ...