PkgRadar

npm · registry.npmjs.org

@ibrahim1337/baksen

New Account With Lifecycle Hook, Install-time lifecycle script, Suspicious Publish Context

Early detection

PkgRadar flagged this 1.8 days before public disclosure

Detected 2026-06-27 · disclosed as MAL-2026-6575 on 2026-06-29

Why PkgRadar flagged 2.0.9

Severity  Signal                           Evidence
medium    New Account With Lifecycle Hook
medium    Suspicious Publish Context

Showing signal labels only.

Scanned versions

Version  Verdict    Score  Scanned (UTC)
2.0.9    High risk  13     2026-06-29
2.0.8    High risk  13     2026-06-29
2.0.7    High risk  13     2026-06-29
2.0.6    High risk  55     2026-06-29
2.0.5    High risk  10     2026-06-29
2.0.4    Review     10     2026-06-27
2.0.3    Review     10     2026-06-27
2.0.2    Review     10     2026-06-27
2.0.1    Review     10     2026-06-27
2.0.0    Review     10     2026-06-27
1.5.0    Review     10     2026-06-27
1.4.0    High risk  15     2026-06-27
1.3.0    High risk  15     2026-06-27
1.2.0    High risk  27     2026-06-27
1.1.0    High risk  27     2026-06-27
1.0.0    High risk  15     2026-06-27

Block this in CI

PkgRadar gates @ibrahim1337/baksen (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @ibrahim1337/[email protected]