PkgRadar

Composer · packagist.org

ledgehq/ledge-craft

Php Base64 Eval Chain, Php Shell With Decode

Why PkgRadar flagged 4.1.3

SeveritySignalEvidence
highPhp Base64 Eval Chain
highPhp Shell With Decode

Showing signal labels only. Sign in to view the exact matched indicators for each finding.

Scanned versions

VersionVerdictScoreScanned (UTC)
4.1.3High risk752026-07-14
5.2.3High risk752026-07-14
4.0.5Low risk02026-06-02
5.0.5Low risk02026-06-02
5.0.4Low risk02026-05-28
5.0.3Low risk02026-05-28
4.0.0Low risk02026-05-27

Block this in CI

PkgRadar gates ledgehq/ledge-craft (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem composer ledgehq/[email protected]
ledgehq/ledge-craft — Composer security scan | PkgRadar