PkgRadar

Composer · packagist.org

ramon/backup

Php Base64 Eval Chain: base64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload.

Why PkgRadar flagged v2.0.19

SeveritySignalEvidence
highPhp Base64 Eval Chainbase64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload. · ram0ng1-backup-d5530cf/src/Job/JobState.php
highPhp Backtick With DecodeBacktick shell-out combined with base64/hex decode. · ram0ng1-backup-d5530cf/src/Job/JobState.php

Scanned versions

VersionVerdictScoreScanned (UTC)
v2.0.19High risk752026-06-07
v2.0.18High risk752026-05-31
v2.0.17High risk752026-05-30

Block this in CI

PkgRadar gates ramon/backup (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem composer ramon/[email protected]
Start free — 25 scans / moView full evidence
ramon/backup — Composer security scan | PkgRadar