npm · registry.npmjs.org
@anas.abubakar/swarm
Js Hidden Powershell: Hidden / non-interactive PowerShell invocation in package code — `-WindowStyle Hidden`, `irm | iex`, `windowsHide: true`, or equivalent — used to download-and-run payloads on Windows installers.
Why PkgRadar flagged 0.0.4
| Severity | Signal | Evidence |
|---|---|---|
| high | Js Hidden Powershell | Hidden / non-interactive PowerShell invocation in package code — `-WindowStyle Hidden`, `irm | iex`, `windowsHide: true`, or equivalent — used to download-and-run payloads on Windows installers. · package/dist/tools/PowerShellTool/pathValidation.js |
| high | Js Hidden Powershell | Hidden / non-interactive PowerShell invocation in package code — `-WindowStyle Hidden`, `irm | iex`, `windowsHide: true`, or equivalent — used to download-and-run payloads on Windows installers. · package/dist/utils/permissions/permissions.js |
| high | Js Hidden Powershell | Hidden / non-interactive PowerShell invocation in package code — `-WindowStyle Hidden`, `irm | iex`, `windowsHide: true`, or equivalent — used to download-and-run payloads on Windows installers. · package/dist/utils/permissions/yoloClassifier.js |
| high | Js Split Join Obfuscation | Array-of-single-tokens joined to form a string — used to obscure module names like require(["n","o","de",":","cr","yp","to"].join("")), defeating static require() analysis. · package/dist/services/teamMemorySync/secretScanner.js |
| medium | Remote Payload | matched "raw.githubusercontent.com" · package/dist/utils/plugins/installCounts.js |
| medium | Remote Payload | matched "raw.githubusercontent.com" · package/dist/utils/releaseNotes.js |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
0.0.4 | Review | 139 | 2026-05-29 |
0.0.5 | Review | 139 | 2026-05-29 |
Block this in CI
pkgradar gate --ecosystem npm @anas.abubakar/[email protected]