PkgRadar

Composer · packagist.org

ewq-zone-oy/spin-framework

Php Base64 Eval Chain: base64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload.

Why PkgRadar flagged 0.0.37

SeveritySignalEvidence
highPhp Base64 Eval Chainbase64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload. · EWQ-Zone-Oy-spin-framework-99bfba9/src/Helpers/Cipher.php
highPhp Backtick With DecodeBacktick shell-out combined with base64/hex decode. · EWQ-Zone-Oy-spin-framework-99bfba9/src/Helpers/Cipher.php

Scanned versions

VersionVerdictScoreScanned (UTC)
0.0.37High risk752026-06-09

Block this in CI

PkgRadar gates ewq-zone-oy/spin-framework (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem composer ewq-zone-oy/[email protected]
Start free — 25 scans / moView full evidence