npm · registry.npmjs.org
@neuctra/cms-core
Reverse Shell: matched "mkfifo|mkfs|mkisofs|mknod|mkswap|mmv|more|most|mount|mtools|mtr|mutt|mv|nano|nc|netstat|nice|nl|node|nohup|notify-send|npm|nslookup|op|open|parted|passwd|paste|pathchk|ping|pkill|pnpm|podman|podman-compose|popd|pr|printcap|printenv|ps|pushd|pv|quota|quotacheck|quotactl|ram|rar|rcp|reboot|remsync|rename|renice|rev|rm|rmdir|rpm|rsync|scp|screen|sdiff|sed|sendmail|seq|service|sftp|sh" — reverse-shell shape
Why PkgRadar flagged 1.0.13
| Severity | Signal | Evidence |
|---|---|---|
| high | Reverse Shell | matched "mkfifo|mkfs|mkisofs|mknod|mkswap|mmv|more|most|mount|mtools|mtr|mutt|mv|nano|nc|netstat|nice|nl|node|nohup|notify-send|npm|nslookup|op|open|parted|passwd|paste|pathchk|ping|pkill|pnpm|podman|podman-compose|popd|pr|printcap|printenv|ps|pushd|pv|quota|quotacheck|quotactl|ram|rar|rcp|reboot|remsync|rename|renice|rev|rm|rmdir|rpm|rsync|scp|screen|sdiff|sed|sendmail|seq|service|sftp|sh" — reverse-shell shape · package/dist/index.es.js |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
1.0.13 | High risk | 40 | 2026-06-20 |
1.0.12 | Low risk | 0 | 2026-06-18 |
1.0.11 | Low risk | 0 | 2026-06-07 |
1.0.9 | Low risk | 0 | 2026-06-02 |
1.0.10 | Low risk | 0 | 2026-06-02 |
1.0.7 | Low risk | 0 | 2026-05-31 |
1.0.8 | Low risk | 0 | 2026-05-31 |
Related campaigns
Block this in CI
pkgradar gate --ecosystem npm @neuctra/[email protected]