PkgRadar

npm · registry.npmjs.org

@nocobase/plugin-block-markdown

Js Decode Then Exec: base64 / atob / fromCharCode decode paired with eval / new Function in the same file — canonical obfuscated-loader pattern.

Why PkgRadar flagged 2.0.60

SeveritySignalEvidence
highJs Decode Then Execbase64 / atob / fromCharCode decode paired with eval / new Function in the same file — canonical obfuscated-loader pattern. · package/dist/client/vditor/dist/js/markmap/markmap.min.js

Scanned versions

VersionVerdictScoreScanned (UTC)
2.2.0-beta.2Low risk02026-06-13
2.1.4Low risk02026-06-13
2.1.3Low risk02026-06-12
2.1.1Low risk02026-06-11
2.1.2Low risk02026-06-11
2.1.0Low risk02026-06-10
2.2.0-beta.1Low risk02026-06-10
2.2.0-alpha.1Low risk02026-06-10
2.0.62Low risk02026-06-10
2.1.0-beta.48Low risk02026-06-10
2.1.0-beta.47Low risk02026-06-09
2.1.0-beta.46Low risk02026-06-08
2.1.0-beta.45Low risk02026-06-08
2.1.0-alpha.47Low risk02026-06-08
2.1.0-alpha.46Low risk02026-06-04
2.1.0-beta.44Low risk02026-06-03
2.0.61Low risk02026-06-03
2.1.0-beta.43Low risk02026-06-02
2.1.0-beta.42Low risk02026-06-01
2.1.0-beta.41Low risk02026-05-30
2.1.0-beta.40Low risk02026-05-30
2.1.0-alpha.45Low risk02026-05-29
2.0.60Review312026-05-29
2.1.0-beta.38Review312026-05-29
2.0.59Review622026-05-28
2.0.58Review622026-05-28
2.1.0-beta.37Review302026-05-26
2.1.0-alpha.40Review302026-05-25
2.0.57Review302026-05-25

Block this in CI

PkgRadar gates @nocobase/plugin-block-markdown (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @nocobase/[email protected]
Start free — 25 scans / moView full evidence