npm · registry.npmjs.org

@georgedong32/ccs

Js Hidden Powershell: Hidden / non-interactive PowerShell invocation in package code — `-WindowStyle Hidden`, `irm | iex`, `windowsHide: true`, or equivalent — used to download-and-run payloads on Windows installers.

Why PkgRadar flagged 7.67.5

Severity	Signal	Evidence
high	Js Hidden Powershell	Hidden / non-interactive PowerShell invocation in package code — `-WindowStyle Hidden`, `irm \| iex`, `windowsHide: true`, or equivalent — used to download-and-run payloads on Windows installers. · package/dist/utils/claude-detector.js
medium	Credential file access	matched "github_token" · package/dist/copilot/copilot-auth.js

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`7.67.5`	High risk	65	2026-06-05
`7.67.4`	High risk	65	2026-06-05
`7.67.3`	High risk	65	2026-06-05
`7.67.2`	High risk	65	2026-06-05
`8.0.4`	High risk	70	2026-06-05
`8.0.3`	High risk	70	2026-06-05
`8.0.2`	High risk	70	2026-06-05
`8.0.0`	High risk	70	2026-06-04
`8.0.1`	High risk	70	2026-06-04

Related campaigns

js_hidden_powershell:hidden / non-interactive powershell invocation in package code — `-windowstyle hidden`, `irm | iex`, `windowshide: true`, or equivalent — used to download-and-run payloads on windows installers. — 224 releases, max score 189

Block this in CI

PkgRadar gates @georgedong32/ccs (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @georgedong32/[email protected]

Start free — 25 scans / mo View full evidence