npm · registry.npmjs.org
@evalguard/core
Js Decode Then Exec: base64 / atob / fromCharCode decode adjacent to eval / new Function — canonical obfuscated-loader pattern.
Why PkgRadar flagged 1.0.1
| Severity | Signal | Evidence |
|---|---|---|
| high | Js Decode Then Exec | base64 / atob / fromCharCode decode adjacent to eval / new Function — canonical obfuscated-loader pattern. · package/dist/firewall/detection-engine.js |
| high | Webhook Exfil Endpoint | matched "webhook.site" · package/dist/security/plugins/coding-agent-network-egress.js |
| high | Webhook Exfil Endpoint | matched "hooks.slack.com/services/" · package/dist/security/plugins/coding-agent-secret-env-read.js |
| high | Webhook Exfil Endpoint | matched "webhook.site" · package/dist/security/plugins/mcp-data-exfiltration.js |
| medium | Remote Payload | matched "api.telegram.org/bot" · package/dist/integrations/telegram.js |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
| 1.0.1 | High risk | 177 | 2026-06-04 |
| 1.1.0 | Review | 60 | 2026-06-04 |
Related campaigns
- webhook_exfil_endpoint:matched "webhook.site" — 190 releases, max score 253
- js_decode_then_exec:base64 / atob / fromcharcode decode adjacent to eval / new function — canonical obfuscated-loader pattern. — 16 releases, max score 177
Block this in CI
pkgradar gate --ecosystem npm @evalguard/[email protected]