PkgRadar

Composer · packagist.org

pie-extensions/protobuf

Php Base64 Eval Chain: base64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload.

Why PkgRadar flagged 35.1

SeveritySignalEvidence
highPhp Base64 Eval Chainbase64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload. · pie-extensions-protobuf-8689d65/src/php/tests/memory_leak_test.php
highPhp Assert String Execassert() called with a variable — PHP's deprecated string-exec backdoor. · pie-extensions-protobuf-8689d65/src/php/tests/memory_leak_test.php

Scanned versions

VersionVerdictScoreScanned (UTC)
35.1High risk852026-06-12

Block this in CI

PkgRadar gates pie-extensions/protobuf (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem composer pie-extensions/[email protected]
Start free — 25 scans / moView full evidence