PkgRadar

npm · registry.npmjs.org

@lateos/npm-scan

Known Indicator Filename: package/backend/detectors/mini-shai-hulud/d1-burst-publish.js

Why PkgRadar flagged 0.16.0

SeveritySignalEvidence
highKnown Indicator Filenamepackage/backend/detectors/mini-shai-hulud/d1-burst-publish.js · package/backend/detectors/mini-shai-hulud/d1-burst-publish.js
highKnown Indicator Filenamepackage/backend/detectors/mini-shai-hulud/d2-sibling-compromise.js · package/backend/detectors/mini-shai-hulud/d2-sibling-compromise.js
highKnown Indicator Filenamepackage/backend/detectors/mini-shai-hulud/d3-slsa-mismatch.js · package/backend/detectors/mini-shai-hulud/d3-slsa-mismatch.js
highKnown Indicator Filenamepackage/backend/detectors/mini-shai-hulud/d4-maintainer-anomaly.js · package/backend/detectors/mini-shai-hulud/d4-maintainer-anomaly.js
highKnown Indicator Filenamepackage/backend/detectors/mini-shai-hulud/d5-ioc-check.js · package/backend/detectors/mini-shai-hulud/d5-ioc-check.js
highKnown Indicator Filenamepackage/backend/detectors/mini-shai-hulud/d6-token-exfil.js · package/backend/detectors/mini-shai-hulud/d6-token-exfil.js
highKnown Indicator Filenamepackage/backend/detectors/mini-shai-hulud/index.js · package/backend/detectors/mini-shai-hulud/index.js
highKnown Indicator Filenamepackage/backend/detectors/mini-shai-hulud/iocs.json · package/backend/detectors/mini-shai-hulud/iocs.json

Scanned versions

VersionVerdictScoreScanned (UTC)
0.16.0High risk1052026-06-10
0.15.6High risk1052026-06-10
0.16.4High risk772026-06-10
1.2.9High risk1152026-06-10
1.2.8High risk1152026-06-10
1.2.5High risk1152026-06-10
1.2.4High risk1652026-06-10
1.2.1High risk1152026-06-10
1.2.0High risk1152026-06-10
1.1.1High risk1152026-06-10
1.1.0High risk1152026-06-10
1.0.0High risk1152026-06-10
0.18.2High risk772026-06-10
0.18.3High risk772026-06-10
0.18.1High risk772026-06-10
0.17.1High risk772026-06-10
0.18.0High risk772026-06-10
0.17.0High risk772026-06-10
0.16.5High risk772026-06-10
0.15.4High risk1052026-06-10
0.15.5High risk732026-06-10

Block this in CI

PkgRadar gates @lateos/npm-scan (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @lateos/[email protected]
Start free — 25 scans / moView full evidence