npm · registry.npmjs.org
@hearmeman24/blockflow
Js Hidden Powershell: Hidden / non-interactive PowerShell invocation in package code — `-WindowStyle Hidden`, `irm | iex`, `windowsHide: true`, or equivalent — used to download-and-run payloads on Windows installers.
Why PkgRadar flagged 0.1.11
| Severity | Signal | Evidence |
|---|---|---|
| high | Js Hidden Powershell | Hidden / non-interactive PowerShell invocation in package code — `-WindowStyle Hidden`, `irm | iex`, `windowsHide: true`, or equivalent — used to download-and-run payloads on Windows installers. · package/bin/blockflow.mjs |
| medium | Remote Payload | matched "github.com/FiloSottile/mkcert/releases/download" · package/frontend/.next/standalone/node_modules/next/dist/lib/mkcert.js |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
0.1.11 | Review | 29 | 2026-06-05 |
0.1.10 | Review | 29 | 2026-06-04 |
0.1.8 | Review | 29 | 2026-06-01 |
0.1.7 | Review | 27 | 2026-06-01 |
0.1.6 | Review | 27 | 2026-06-01 |
0.1.5 | Review | 27 | 2026-05-31 |
0.1.0 | Review | 75 | 2026-05-30 |
0.1.4 | Review | 26 | 2026-05-30 |
Block this in CI
pkgradar gate --ecosystem npm @hearmeman24/[email protected]