PkgRadar

Composer · packagist.org

dashed/dashed-ecommerce-veloyd

Php Base64 Eval Chain: base64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload.

Why PkgRadar flagged v4.8.0

SeveritySignalEvidence
highPhp Base64 Eval Chainbase64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload. · DashedCMS-dashed-ecommerce-veloyd-5ee6e3f/src/Classes/Veloyd.php
highPhp Shell With Decodeexec / system / shell_exec combined with base64/hex decode. · DashedCMS-dashed-ecommerce-veloyd-5ee6e3f/src/Classes/Veloyd.php

Scanned versions

VersionVerdictScoreScanned (UTC)
v4.8.0High risk752026-06-12
v4.7.5High risk752026-06-11
v4.7.4High risk752026-06-10
v4.7.3High risk752026-06-10
v4.5.1High risk752026-06-05
v4.5.0High risk752026-06-03
v4.1.2High risk752026-06-03
v4.1.0High risk752026-06-01

Block this in CI

PkgRadar gates dashed/dashed-ecommerce-veloyd (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem composer dashed/[email protected]
Start free — 25 scans / moView full evidence
dashed/dashed-ecommerce-veloyd — Composer security scan | PkgRadar