Composer · packagist.org
tokushima/ebi
Php Base64 Eval Chain: base64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload.
Why PkgRadar flagged 4.2.10
| Severity | Signal | Evidence |
|---|---|---|
| high | Php Base64 Eval Chain | base64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload. · tokushima-ebi-43ab1dc/lib/ebi/Util.php |
| high | Php Backtick With Decode | Backtick shell-out combined with base64/hex decode. · tokushima-ebi-43ab1dc/lib/ebi/Util.php |
| medium | Composer Abandoned Package | Packagist marked this package abandoned — maintainer signaled it should not be used. |
| medium | Remote Payload | matched "cURL " · tokushima-ebi-43ab1dc/lib/ebi/HttpClient.php |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
4.2.10 | High risk | 102 | 2026-06-07 |
4.2.8 | High risk | 87 | 2026-06-01 |
4.2.9 | High risk | 102 | 2026-05-30 |
Block this in CI
pkgradar gate --ecosystem composer tokushima/[email protected]