npm · registry.npmjs.org
@getflip/swirl-components
Js Decode Then Exec: base64 / atob / fromCharCode decode paired with eval / new Function in the same file — canonical obfuscated-loader pattern.
Why PkgRadar flagged 0.496.0-beta-20260529075935
| Severity | Signal | Evidence |
|---|---|---|
| high | Js Decode Then Exec | base64 / atob / fromCharCode decode paired with eval / new Function in the same file — canonical obfuscated-loader pattern. · package/dist/swirl-components/p-6399de24.entry.js |
| high | Js Decode Then Exec | base64 / atob / fromCharCode decode paired with eval / new Function in the same file — canonical obfuscated-loader pattern. · package/dist/cjs/swirl-file-viewer-audio_7.cjs.entry.js |
| high | Js Decode Then Exec | base64 / atob / fromCharCode decode paired with eval / new Function in the same file — canonical obfuscated-loader pattern. · package/dist/esm/swirl-file-viewer-audio_7.entry.js |
| high | Js Decode Then Exec | base64 / atob / fromCharCode decode paired with eval / new Function in the same file — canonical obfuscated-loader pattern. · package/dist/components/swirl-file-viewer-pdf2.js |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
0.502.1 | Low risk | 0 | 2026-06-12 |
0.502.0 | Low risk | 0 | 2026-06-12 |
0.501.0 | Low risk | 0 | 2026-06-11 |
0.500.0 | Low risk | 0 | 2026-06-11 |
0.498.1 | Low risk | 0 | 2026-06-08 |
0.498.0 | Low risk | 0 | 2026-06-02 |
0.497.0 | Low risk | 0 | 2026-06-02 |
0.496.0 | Low risk | 0 | 2026-05-29 |
0.496.0-beta-20260529075935 | Review | 15 | 2026-05-29 |
0.495.0 | Low risk | 0 | 2026-05-26 |
0.494.0 | Low risk | 0 | 2026-05-25 |
0.494.0-beta-20260525162942 | Low risk | 0 | 2026-05-25 |
0.493.1 | Review | 24 | 2026-05-25 |
0.493.2 | Review | 24 | 2026-05-25 |
Block this in CI
pkgradar gate --ecosystem npm @getflip/[email protected]