npm · registry.npmjs.org
@marketrix.ai/widget
Js Decode Then Exec: base64 / atob / fromCharCode decode paired with eval / new Function in the same file — canonical obfuscated-loader pattern.
Why PkgRadar flagged 3.3.241
| Severity | Signal | Evidence |
|---|---|---|
| high | Js Decode Then Exec | base64 / atob / fromCharCode decode paired with eval / new Function in the same file — canonical obfuscated-loader pattern. · package/dist/widget.mjs |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
3.8.10 | Low risk | 0 | 2026-06-03 |
3.8.9 | Low risk | 0 | 2026-06-02 |
3.8.3 | Low risk | 0 | 2026-06-02 |
3.8.2 | Low risk | 0 | 2026-06-02 |
3.8.0 | Low risk | 0 | 2026-06-01 |
3.3.242 | Low risk | 0 | 2026-05-29 |
3.3.241 | Review | 45 | 2026-05-29 |
3.3.240 | Review | 45 | 2026-05-29 |
3.3.239 | Review | 45 | 2026-05-28 |
3.3.237 | Low risk | 0 | 2026-05-28 |
3.3.238 | Low risk | 0 | 2026-05-28 |
3.3.235 | Low risk | 0 | 2026-05-26 |
3.3.226 | Low risk | 0 | 2026-05-24 |
3.3.230 | Low risk | 0 | 2026-05-24 |
Block this in CI
pkgradar gate --ecosystem npm @marketrix.ai/[email protected]