PkgRadar

npm · registry.npmjs.org

@comment-io/cli

Js Decode Then Exec: base64 / atob / fromCharCode decode paired with eval / new Function in the same file — canonical obfuscated-loader pattern.

Why PkgRadar flagged 0.1.7-alpha.166

| Severity | Signal | Evidence |
| --- | --- | --- |
| high | Js Decode Then Exec | base64 / atob / fromCharCode decode paired with eval / new Function in the same file — canonical obfuscated-loader pattern. · package/mcp/comment-mcp.mjs |

Scanned versions

| Version | Verdict | Score | Scanned (UTC) |
| --- | --- | --- | --- |
| 0.1.16-alpha.450 | Low risk | 0 | 2026-06-17 |
| 0.1.16-alpha.449 | Low risk | 0 | 2026-06-17 |
| 0.1.15 | Low risk | 0 | 2026-06-17 |
| 0.1.15-alpha.446 | Low risk | 0 | 2026-06-17 |
| 0.1.15-alpha.403 | Low risk | 0 | 2026-06-14 |
| 0.1.15-alpha.382 | Low risk | 0 | 2026-06-14 |
| 0.1.15-alpha.380 | Low risk | 0 | 2026-06-13 |
| 0.1.15-alpha.379 | Low risk | 0 | 2026-06-12 |
| 0.1.15-alpha.377 | Low risk | 0 | 2026-06-12 |
| 0.1.15-alpha.375 | Low risk | 0 | 2026-06-12 |
| 0.1.15-alpha.370 | Low risk | 0 | 2026-06-12 |
| 0.1.15-alpha.369 | Low risk | 0 | 2026-06-12 |
| 0.1.14 | Low risk | 0 | 2026-06-11 |
| 0.1.14-alpha.366 | Low risk | 0 | 2026-06-11 |
| 0.1.14-alpha.365 | Low risk | 0 | 2026-06-11 |
| 0.1.14-alpha.347 | Low risk | 0 | 2026-06-09 |
| 0.1.14-alpha.341 | Low risk | 0 | 2026-06-09 |
| 0.1.13 | Low risk | 0 | 2026-06-09 |
| 0.1.13-alpha.331 | Low risk | 0 | 2026-06-09 |
| 0.1.13-alpha.332 | Low risk | 0 | 2026-06-09 |
| 0.1.13-alpha.330 | Low risk | 0 | 2026-06-09 |
| 0.1.13-alpha.328 | Low risk | 0 | 2026-06-09 |
| 0.1.13-alpha.324 | Low risk | 0 | 2026-06-09 |
| 0.1.13-alpha.322 | Low risk | 0 | 2026-06-08 |
| 0.1.13-alpha.314 | Low risk | 0 | 2026-06-06 |
| 0.1.13-alpha.311 | Low risk | 0 | 2026-06-05 |
| 0.1.13-alpha.310 | Low risk | 0 | 2026-06-05 |
| 0.1.13-alpha.308 | Low risk | 0 | 2026-06-04 |
| 0.1.12 | Low risk | 0 | 2026-06-04 |
| 0.1.12-alpha.303 | Low risk | 0 | 2026-06-04 |
| 0.1.11 | Low risk | 0 | 2026-06-04 |
| 0.1.10 | Low risk | 0 | 2026-06-03 |
| 0.1.11-alpha.289 | Low risk | 0 | 2026-06-03 |
| 0.1.10-alpha.286 | Low risk | 0 | 2026-06-03 |
| 0.1.10-alpha.287 | Low risk | 0 | 2026-06-03 |
| 0.1.10-alpha.277 | Low risk | 0 | 2026-06-03 |
| 0.1.10-alpha.275 | Low risk | 0 | 2026-06-02 |
| 0.1.10-alpha.274 | Low risk | 0 | 2026-06-02 |
| 0.1.10-alpha.271 | Low risk | 0 | 2026-06-02 |
| 0.1.10-alpha.272 | Low risk | 0 | 2026-06-02 |
| 0.1.10-alpha.269 | Low risk | 0 | 2026-06-02 |
| 0.1.10-alpha.267 | Low risk | 0 | 2026-06-02 |
| 0.1.10-alpha.266 | Low risk | 0 | 2026-06-02 |
| 0.1.10-alpha.263 | Low risk | 0 | 2026-06-01 |
| 0.1.10-alpha.261 | Low risk | 0 | 2026-06-01 |
| 0.1.10-alpha.259 | Low risk | 0 | 2026-06-01 |
| 0.1.10-alpha.260 | Low risk | 0 | 2026-06-01 |
| 0.1.10-alpha.255 | Low risk | 0 | 2026-06-01 |
| 0.1.9 | Low risk | 0 | 2026-06-01 |
| 0.1.9-alpha.253 | Low risk | 0 | 2026-05-31 |
| 0.1.9-alpha.251 | Low risk | 0 | 2026-05-31 |
| 0.1.9-alpha.249 | Low risk | 0 | 2026-05-31 |
| 0.1.9-alpha.248 | Low risk | 0 | 2026-05-31 |
| 0.1.9-alpha.247 | Low risk | 0 | 2026-05-31 |
| 0.1.9-alpha.246 | Low risk | 0 | 2026-05-31 |
| 0.1.9-alpha.245 | Low risk | 0 | 2026-05-31 |
| 0.1.9-alpha.243 | Low risk | 0 | 2026-05-31 |
| 0.1.9-alpha.242 | Low risk | 0 | 2026-05-31 |
| 0.1.9-alpha.240 | Low risk | 0 | 2026-05-31 |
| 0.1.9-alpha.239 | Low risk | 0 | 2026-05-31 |
| 0.1.9-alpha.238 | Low risk | 0 | 2026-05-31 |
| 0.1.9-alpha.237 | Low risk | 0 | 2026-05-30 |
| 0.1.9-alpha.235 | Low risk | 0 | 2026-05-30 |
| 0.1.9-alpha.233 | Low risk | 0 | 2026-05-30 |
| 0.1.9-alpha.231 | Low risk | 0 | 2026-05-30 |
| 0.1.9-alpha.232 | Low risk | 0 | 2026-05-30 |
| 0.1.9-alpha.228 | Low risk | 0 | 2026-05-30 |
| 0.1.9-alpha.227 | Low risk | 0 | 2026-05-30 |
| 0.1.9-alpha.226 | Low risk | 0 | 2026-05-30 |
| 0.1.9-alpha.219 | Low risk | 0 | 2026-05-30 |
| 0.1.9-alpha.218 | Low risk | 0 | 2026-05-30 |
| 0.1.9-alpha.217 | Low risk | 0 | 2026-05-30 |
| 0.1.9-alpha.216 | Low risk | 0 | 2026-05-30 |
| 0.1.8-alpha.213 | Low risk | 0 | 2026-05-30 |
| 0.1.8-alpha.212 | Low risk | 0 | 2026-05-30 |
| 0.1.8 | Low risk | 0 | 2026-05-30 |
| 0.1.7-alpha.207 | Low risk | 0 | 2026-05-29 |
| 0.1.7 | Low risk | 0 | 2026-05-29 |
| 0.1.7-alpha.166 | Review | 13 | 2026-05-29 |
| 0.1.7-alpha.168 | Review | 13 | 2026-05-29 |
| 0.1.7-alpha.157 | Review | 13 | 2026-05-28 |
| 0.1.7-alpha.159 | Review | 13 | 2026-05-28 |
| 0.1.7-alpha.154 | Review | 13 | 2026-05-28 |
| 0.1.7-alpha.155 | Review | 13 | 2026-05-28 |
| 0.1.7-alpha.151 | Review | 13 | 2026-05-28 |
| 0.1.7-alpha.152 | Review | 13 | 2026-05-28 |
| 0.1.7-alpha.148 | Low risk | 0 | 2026-05-28 |
| 0.1.7-alpha.149 | Low risk | 0 | 2026-05-28 |
| 0.1.7-alpha.133 | Low risk | 0 | 2026-05-27 |
| 0.1.7-alpha.135 | Low risk | 0 | 2026-05-27 |
| 0.1.7-alpha.91 | Low risk | 0 | 2026-05-26 |
| 0.1.7-alpha.90 | Low risk | 0 | 2026-05-26 |
| 0.1.7-alpha.89 | Low risk | 0 | 2026-05-26 |
| 0.1.7-alpha.86 | Low risk | 0 | 2026-05-25 |
| 0.1.7-alpha.85 | Low risk | 0 | 2026-05-25 |
| 0.1.7-alpha.84 | Low risk | 0 | 2026-05-25 |
| 0.1.7-alpha.81 | Low risk | 0 | 2026-05-25 |
| 0.1.7-alpha.82 | Low risk | 0 | 2026-05-25 |
| 0.1.7-alpha.77 | Low risk | 0 | 2026-05-25 |
| 0.1.7-alpha.78 | Low risk | 0 | 2026-05-25 |
| 0.1.7-alpha.69 | Low risk | 0 | 2026-05-25 |
| 0.1.7-alpha.70 | Low risk | 0 | 2026-05-25 |
| 0.1.7-alpha.48 | Review | 12 | 2026-05-25 |
| 0.1.7-alpha.45 | Review | 12 | 2026-05-24 |
| 0.1.7-alpha.44 | Review | 12 | 2026-05-24 |
| 0.1.7-alpha.43 | Review | 12 | 2026-05-24 |
| 0.1.7-alpha.42 | Review | 12 | 2026-05-24 |
| 0.1.7-alpha.39 | Review | 12 | 2026-05-24 |
| 0.1.7-alpha.40 | Review | 12 | 2026-05-24 |

Block this in CI

PkgRadar gates @comment-io/cli (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @comment-io/[email protected]