npm · registry.npmjs.org

@devvit/ui-renderer

Js Decode Then Exec: base64 / atob / fromCharCode decode paired with eval / new Function in the same file — canonical obfuscated-loader pattern.

Why PkgRadar flagged 0.13.1-next-2026-05-28-21-15-15-d4656db34.0

Severity	Signal	Evidence
high	Js Decode Then Exec	base64 / atob / fromCharCode decode paired with eval / new Function in the same file — canonical obfuscated-loader pattern. · package/devvit-custom-post.min.js
high	Js Decode Then Exec	base64 / atob / fromCharCode decode paired with eval / new Function in the same file — canonical obfuscated-loader pattern. · package/devvit-surface.min.js

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.10.22-next-2024-06-04-f0f7d7f78.0`	Low risk	0	2026-06-11
`0.13.4-next-2026-06-11-22-17-10-33b2eef86.0`	Low risk	0	2026-06-11
`0.10.22-next-2024-06-04-d74d15d1f.0`	Low risk	0	2026-06-11
`0.13.4-next-2026-06-11-20-30-05-93289fb99.0`	Low risk	0	2026-06-11
`0.10.22-next-2024-06-04-2225ea46e.0`	Low risk	0	2026-06-11
`0.10.22-next-2024-06-04-50491cc24.0`	Low risk	0	2026-06-11
`0.10.22-next-2024-06-04-bc2080780.0`	Low risk	0	2026-06-11
`0.13.4-next-2026-06-09-17-51-44-306b53b16.0`	Low risk	0	2026-06-09
`0.13.4-next-2026-06-09-13-56-04-2aca605ab.0`	Low risk	0	2026-06-09
`0.13.4-next-2026-06-08-21-39-16-ec90a6d8c.0`	Low risk	0	2026-06-09
`0.13.4-next-2026-06-08-21-01-38-5c081a6ef.0`	Low risk	0	2026-06-08
`0.13.4-next-2026-06-08-19-47-28-ed827deb5.0`	Low risk	0	2026-06-08
`0.13.4-next-2026-06-08-18-35-58-42d80e0d0.0`	Low risk	0	2026-06-08
`0.13.4-next-2026-06-08-16-25-39-2f5841720.0`	Low risk	0	2026-06-08
`0.13.4-next-2026-06-08-15-51-46-178501ef8.0`	Low risk	0	2026-06-08
`0.13.4-next-2026-06-08-11-11-20-42c139255.0`	Low risk	0	2026-06-08
`0.13.3`	Low risk	0	2026-06-08
`0.13.3-next-2026-06-05-19-35-32-ded2e40b6.0`	Low risk	0	2026-06-05
`0.13.3-next-2026-06-04-22-35-10-7ecba6625.0`	Low risk	0	2026-06-04
`0.13.3-next-2026-06-04-21-14-49-03230092e.0`	Low risk	0	2026-06-04
`0.13.3-next-2026-06-04-19-05-50-e3b14396a.0`	Low risk	0	2026-06-04
`0.13.3-next-2026-06-04-19-22-08-2ba1b1635.0`	Low risk	0	2026-06-04
`0.13.3-next-2026-06-03-23-07-45-2d74a394a.0`	Low risk	0	2026-06-03
`0.13.3-next-2026-06-03-22-21-42-94765cee0.0`	Low risk	0	2026-06-03
`0.13.3-next-2026-06-03-20-27-39-426987c97.0`	Low risk	0	2026-06-03
`0.13.3-next-2026-06-03-20-45-14-1c88bf2bc.0`	Low risk	0	2026-06-03
`0.13.3-next-2026-06-03-18-13-31-8add71db2.0`	Low risk	0	2026-06-03
`0.13.3-next-2026-06-03-18-43-20-9734748ae.0`	Low risk	0	2026-06-03
`0.13.3-next-2026-06-02-22-14-48-36888419c.0`	Low risk	0	2026-06-02
`0.13.2-next-2026-06-02-21-22-46-a2cefb5eb.0`	Low risk	0	2026-06-02
`0.13.2-next-2026-06-02-20-48-33-a2cefb5eb.0`	Low risk	0	2026-06-02
`0.13.2`	Low risk	0	2026-06-02
`0.13.2-next-2026-06-02-17-42-32-e2312e1f4.0`	Low risk	0	2026-06-02
`0.13.1-next-2026-06-02-13-44-11-e878c057b.0`	Low risk	0	2026-06-02
`0.13.1-next-2026-06-02-15-04-19-21bc39570.0`	Low risk	0	2026-06-02
`0.13.1-next-2026-06-02-10-45-41-0418cd746.0`	Low risk	0	2026-06-02
`0.13.1-next-2026-06-01-19-43-24-659647051.0`	Low risk	0	2026-06-01
`0.13.1-next-2026-06-01-20-04-31-c22265910.0`	Low risk	0	2026-06-01
`0.13.1-next-2026-05-29-19-54-42-377fc7e30.0`	Low risk	0	2026-05-29
`0.13.1-next-2026-05-28-21-15-15-d4656db34.0`	Review	25	2026-05-29
`0.13.1-next-2026-05-27-21-12-28-f40a9bbd3.0`	Low risk	0	2026-05-28
`0.13.1-next-2026-05-27-22-50-14-2f8c5db01.0`	Low risk	0	2026-05-28
`0.13.1-next-2026-05-26-21-13-04-ac7f314eb.0`	Low risk	0	2026-05-27
`0.13.1-next-2026-05-26-22-50-32-95d11e9ff.0`	Low risk	0	2026-05-27

Block this in CI

PkgRadar gates @devvit/ui-renderer (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @devvit/[email protected]

Start free — 25 scans / mo View full evidence