npm · registry.npmjs.org
@itfin/components
Js Decode Then Exec: base64 / atob / fromCharCode decode paired with eval / new Function in the same file — canonical obfuscated-loader pattern.
Why PkgRadar flagged 1.5.7
| Severity | Signal | Evidence |
|---|---|---|
| high | Js Decode Then Exec | base64 / atob / fromCharCode decode paired with eval / new Function in the same file — canonical obfuscated-loader pattern. · package/src/components/pdf-viewer/pdfjs-dist/lib/display/font_loader.js |
| high | Js Decode Then Exec | base64 / atob / fromCharCode decode paired with eval / new Function in the same file — canonical obfuscated-loader pattern. · package/src/components/pdf-viewer/pdfjs-dist/build/pdf.js |
| high | Js Decode Then Exec | base64 / atob / fromCharCode decode paired with eval / new Function in the same file — canonical obfuscated-loader pattern. · package/src/components/pdf-viewer/pdfjs-dist/es5/build/pdf.js |
| high | Js Decode Then Exec | base64 / atob / fromCharCode decode paired with eval / new Function in the same file — canonical obfuscated-loader pattern. · package/src/components/pdf-viewer/pdfjs-dist/build/pdf.min.js |
| medium | Obfuscation Density | high encoded/escaped-token density · package/src/components/pdf-viewer/pdfjs-dist/lib/web/chromecom.js |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
2.0.111 | Low risk | 0 | 2026-06-08 |
2.0.110 | Low risk | 0 | 2026-06-08 |
2.0.109 | Low risk | 0 | 2026-06-08 |
2.0.108 | Low risk | 0 | 2026-06-05 |
1.5.13 | Low risk | 0 | 2026-06-02 |
1.5.11 | Low risk | 0 | 2026-06-02 |
1.5.8 | Low risk | 0 | 2026-05-29 |
1.5.7 | Review | 31 | 2026-05-28 |
1.5.5 | Review | 6 | 2026-05-27 |
2.0.107 | Review | 6 | 2026-05-27 |
Block this in CI
pkgradar gate --ecosystem npm @itfin/[email protected]