Composer · packagist.org
headercat/phpstan-extension-ide-helper
Php Base64 Eval Chain: base64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload.
Why PkgRadar flagged 2.2.2
| Severity | Signal | Evidence |
|---|---|---|
| high | Php Base64 Eval Chain | base64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload. · headercat-phpstan-extension-ide-helper-178a81f/src/Analyser/NodeScopeResolver.php |
| high | Php Backtick With Decode | Backtick shell-out combined with base64/hex decode. · headercat-phpstan-extension-ide-helper-178a81f/src/Analyser/NodeScopeResolver.php |
| medium | Remote Payload | matched "raw.githubusercontent.com" · headercat-phpstan-extension-ide-helper-178a81f/src/Command/BisectCommand.php |
| medium | Remote Payload | matched "raw.githubusercontent.com" · headercat-phpstan-extension-ide-helper-178a81f/src/Command/ErrorFormatter/JunitErrorFormatter.php |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
2.2.2 | High risk | 49 | 2026-06-05 |
Block this in CI
pkgradar gate --ecosystem composer headercat/[email protected]