npm · registry.npmjs.org

@kaitranntt/ccs

Js Hidden Powershell: Hidden / non-interactive PowerShell invocation in package code — `-WindowStyle Hidden`, `irm | iex`, `windowsHide: true`, or equivalent — used to download-and-run payloads on Windows installers.

Why PkgRadar flagged 8.1.4

Severity	Signal	Evidence
high	Js Hidden Powershell	Hidden / non-interactive PowerShell invocation in package code — `-WindowStyle Hidden`, `irm \| iex`, `windowsHide: true`, or equivalent — used to download-and-run payloads on Windows installers. · package/dist/utils/claude-detector.js
medium	Credential file access	matched "github_token" · package/dist/copilot/copilot-auth.js

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`8.1.4`	High risk	49	2026-06-13
`8.1.4-dev.1`	High risk	49	2026-06-13
`8.2.0-dev.9`	High risk	49	2026-06-13
`8.2.0-dev.8`	High risk	49	2026-06-12
`8.2.0-dev.7`	High risk	49	2026-06-10
`8.2.0-dev.6`	High risk	49	2026-06-10
`8.2.0-dev.5`	High risk	49	2026-06-10
`8.2.0-dev.4`	High risk	49	2026-06-10
`8.1.0-dev.11`	High risk	49	2026-06-10
`8.1.0-dev.12`	High risk	49	2026-06-10
`8.1.0-dev.10`	High risk	49	2026-06-10
`8.1.0-dev.9`	High risk	49	2026-06-10
`8.2.0-dev.2`	High risk	49	2026-06-10
`8.2.0-dev.1`	High risk	49	2026-06-10
`8.2.0`	High risk	49	2026-06-10
`8.1.4-dev.8`	High risk	49	2026-06-10
`8.1.4-dev.7`	High risk	49	2026-06-10
`8.1.4-dev.6`	High risk	49	2026-06-10
`8.1.4-dev.5`	High risk	49	2026-06-10
`8.1.4-dev.4`	High risk	49	2026-06-10
`8.1.4-dev.3`	High risk	49	2026-06-10
`8.1.4-dev.2`	High risk	49	2026-06-10
`8.2.0-dev.3`	High risk	49	2026-06-10
`8.1.0-dev.7`	High risk	49	2026-06-10
`8.1.0-dev.6`	High risk	49	2026-06-10
`8.1.0-dev.5`	High risk	49	2026-06-10

Block this in CI

PkgRadar gates @kaitranntt/ccs (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @kaitranntt/[email protected]

Start free — 25 scans / mo View full evidence