npm · registry.npmjs.org

@needle-tools/engine

Js Split Join Obfuscation: Array-of-single-tokens joined to form a string — used to obscure module names like require(["n","o","de",":","cr","yp","to"].join("")), defeating static require() analysis.

Why PkgRadar flagged 5.1.0-alpha.8

Severity	Signal	Evidence
high	Js Split Join Obfuscation	Array-of-single-tokens joined to form a string — used to obscure module names like require(["n","o","de",":","cr","yp","to"].join("")), defeating static require() analysis. · package/dist/three.umd.cjs
high	Js Split Join Obfuscation	Array-of-single-tokens joined to form a string — used to obscure module names like require(["n","o","de",":","cr","yp","to"].join("")), defeating static require() analysis. · package/dist/three.js
high	Js Split Join Obfuscation	Array-of-single-tokens joined to form a string — used to obscure module names like require(["n","o","de",":","cr","yp","to"].join("")), defeating static require() analysis. · package/dist/three.min.js

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`5.1.0-canary.1781708259.constantine-the-great.e95b0ef`	Low risk	0	2026-06-17
`5.1.0-canary.1781705506.ramesses-the-great.1588ad8`	Low risk	0	2026-06-17
`5.1.0-canary.1781702410.meh-pierogi.cd54b5e`	Low risk	0	2026-06-17
`5.1.0-canary.1781689797.erik-the-red.aedef55`	Low risk	0	2026-06-17
`5.1.0-canary.1781621433.brooding-marie-antoinette.332086d`	Low risk	0	2026-06-16
`5.1.0-beta.2`	Low risk	0	2026-06-12
`5.1.0-beta.1`	Low risk	0	2026-06-09
`5.1.0-beta`	Low risk	0	2026-06-08
`5.1.0-canary.1780922887.william-the-conqueror.c7d26c0`	Low risk	0	2026-06-08
`5.1.0-canary.1780678487.dramatic-marco-polo.82e97da`	Low risk	0	2026-06-05
`5.1.0-alpha.9`	Low risk	0	2026-06-05
`5.1.0-next.1780579670.dramatic-pierogi.b8fa941`	Low risk	0	2026-06-04
`4.16.11`	Low risk	0	2026-06-04
`5.1.0-alpha.8`	Review	15	2026-05-29
`5.1.0-alpha.7`	Review	15	2026-05-29
`5.1.0-canary.1779986375.reasonable-macaron.35e9d4a`	Review	16	2026-05-28
`5.1.0-canary.sulky-napoleon-bonaparte.208767e`	Review	26	2026-05-27
`5.1.0-canary.1779901560.furious-charlemagne-of-franks.798a9aa`	Review	19	2026-05-27
`5.1.0-canary.1779818465.fine-biscotti.263706c`	Review	19	2026-05-26
`5.1.0-canary.sleepy-alexander-hamilton.7392af5`	Review	19	2026-05-26
`5.1.0-canary.reasonable-kimchi.bfe5fa0`	Review	19	2026-05-25
`5.1.0-canary.leif-erikson.3ea0bf7`	Review	19	2026-05-25
`5.1.0-canary.max-planck.33944ee`	Review	19	2026-05-25
`5.1.0-canary.ludwig-van-beethoven.aeeaaa2`	Review	19	2026-05-25
`5.1.0-canary.stoic-richard-the-third.493600a`	Review	19	2026-05-25

Block this in CI

PkgRadar gates @needle-tools/engine (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @needle-tools/[email protected]

Start free — 25 scans / mo View full evidence