npm · registry.npmjs.org

@antcde/connect-ts

Js Split Join Obfuscation: Array-of-single-tokens joined to form a string — used to obscure module names like require(["n","o","de",":","cr","yp","to"].join("")), defeating static require() analysis.

Why PkgRadar flagged 0.4.17-rc.0c54737

Severity	Signal	Evidence
high	Js Split Join Obfuscation	Array-of-single-tokens joined to form a string — used to obscure module names like require(["n","o","de",":","cr","yp","to"].join("")), defeating static require() analysis. · package/build/services/TaskServiceQueries.js
high	Js Split Join Obfuscation	Array-of-single-tokens joined to form a string — used to obscure module names like require(["n","o","de",":","cr","yp","to"].join("")), defeating static require() analysis. · package/build/services/WorkflowServiceQueries.js

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.4.18-rc.528dd66`	Low risk	0	2026-06-11
`0.4.17`	Low risk	0	2026-06-10
`0.4.18-rc.6346d95`	Low risk	0	2026-06-10
`0.4.18-rc.00a441c`	Low risk	0	2026-06-01
`0.4.18-rc.19506c9`	Low risk	0	2026-06-01
`0.4.18-rc.8f1db38`	Low risk	0	2026-06-01
`0.4.17-rc.0c54737`	Review	25	2026-05-28
`0.4.18-rc.703ea01`	Review	25	2026-05-28

Block this in CI

PkgRadar gates @antcde/connect-ts (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @antcde/[email protected]

Start free — 25 scans / mo View full evidence