npm · registry.npmjs.org
@evalops/maestro
Js Split Join Obfuscation: Array-of-single-tokens joined to form a string — used to obscure module names like require(["n","o","de",":","cr","yp","to"].join("")), defeating static require() analysis.
Why PkgRadar flagged 0.10.48
| Severity | Signal | Evidence |
|---|---|---|
| high | Js Split Join Obfuscation | Array-of-single-tokens joined to form a string — used to obscure module names like require(["n","o","de",":","cr","yp","to"].join("")), defeating static require() analysis. · package/dist/safety/credential-patterns.js |
| high | Js Split Join Obfuscation | Array-of-single-tokens joined to form a string — used to obscure module names like require(["n","o","de",":","cr","yp","to"].join("")), defeating static require() analysis. · package/dist/memory/team-memory-secret-scan.js |
| high | Credential file access | matched "AWS_ACCESS_KEY" · package/dist/oauth/command-key.js |
| high | Install Lifecycle Remote Or Exec | postinstall="node -e \"const fs=require('node:fs');const cp=require('node:child_process');if(!fs.existsSync('./scripts/ensure-deps.js')||!fs.existsSync('./packages/contracts/package.json'))process.exit(0);const r=cp.spawnSync(process.execPath,['./scripts/ensure-deps.js','--no-install'],{stdio:'inherit'});process.exit(r.status??1);\"" · package.json |
| medium | Credential file access | matched "AWS_ACCESS_KEY" · package/dist/agent/providers/google.js |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
0.10.48 | Review | 45 | 2026-05-30 |
0.10.47 | Review | 48 | 2026-05-29 |
0.10.45 | Review | 48 | 2026-05-28 |
0.10.46 | Review | 48 | 2026-05-28 |
0.10.44 | Review | 51 | 2026-05-28 |
0.10.43 | Review | 51 | 2026-05-28 |
0.10.41 | Review | 51 | 2026-05-28 |
0.10.42 | Review | 51 | 2026-05-28 |
0.10.39 | Review | 43 | 2026-05-27 |
0.10.40 | Review | 43 | 2026-05-27 |
0.10.38 | Review | 43 | 2026-05-27 |
0.10.36 | Review | 43 | 2026-05-27 |
0.10.37 | Review | 43 | 2026-05-27 |
0.10.31 | Review | 43 | 2026-05-26 |
0.10.30 | Review | 43 | 2026-05-26 |
0.10.29 | Review | 43 | 2026-05-26 |
0.10.28 | Review | 43 | 2026-05-26 |
0.10.26 | Review | 43 | 2026-05-25 |
0.10.25 | Review | 43 | 2026-05-25 |
0.10.23 | Review | 145 | 2026-05-25 |
0.10.24 | Review | 145 | 2026-05-25 |
Block this in CI
pkgradar gate --ecosystem npm @evalops/[email protected]