npm · registry.npmjs.org

@evan-moon/firma

Obfuscation Density: high encoded/escaped-token density

Why PkgRadar flagged 0.19.0

Severity	Signal	Evidence
medium	Obfuscation Density	high encoded/escaped-token density · package/dist/index.js
medium	Remote Payload	matched "raw.githubusercontent.com" · package/dist/mcp.js
medium	Obfuscation Density	high encoded/escaped-token density · package/dist/mcp.js

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.21.0`	Low risk	0	2026-05-31
`0.19.0`	Review	12	2026-05-24
`0.20.0`	Review	12	2026-05-24

Block this in CI

PkgRadar gates @evan-moon/firma (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @evan-moon/[email protected]