PkgRadar

npm · registry.npmjs.org

@alan-zhao/yolk-pi-web

Reverse Shell, Suspicious Publish Context

Why PkgRadar flagged 0.7.0

SeveritySignalEvidence
highReverse Shell
mediumSuspicious Publish Context

Showing signal labels only. Sign in to view the exact matched indicators for each finding.

Scanned versions

VersionVerdictScoreScanned (UTC)
0.7.0High risk502026-07-01
0.7.1High risk502026-07-01

Related campaigns

Block this in CI

PkgRadar gates @alan-zhao/yolk-pi-web (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @alan-zhao/[email protected]
@alan-zhao/yolk-pi-web — npm security scan | PkgRadar