npm · registry.npmjs.org

@mseep/claude-code-source

Js Hidden Powershell, Remote Payload, Credential file access

Why PkgRadar flagged 2.1.152

Severity	Signal	Evidence
high	Js Hidden Powershell	package/src/tools/PowerShellTool/pathValidation.ts
high	Js Hidden Powershell	package/src/utils/permissions/permissions.ts
high	Js Hidden Powershell	package/src/utils/permissions/yoloClassifier.ts
medium	Remote Payload	package/start-ollama.sh
medium	Remote Payload	package/src/utils/plugins/installCounts.ts
medium	Remote Payload	package/src/utils/releaseNotes.ts

Showing signal labels only. Sign in to view the exact matched indicators for each finding.

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`2.1.152`	Review	99	2026-06-22

Block this in CI

PkgRadar gates @mseep/claude-code-source (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @mseep/[email protected]