npm · registry.npmjs.org
@paypal/messaging-components
Js Decode Then Exec: base64 / atob / fromCharCode decode paired with eval / new Function in the same file — canonical obfuscated-loader pattern.
Why PkgRadar flagged 1.84.1
| Severity | Signal | Evidence |
|---|---|---|
| high | Js Decode Then Exec | base64 / atob / fromCharCode decode paired with eval / new Function in the same file — canonical obfuscated-loader pattern. · package/dist/bizcomponents/js/messaging.js |
| high | Js Decode Then Exec | base64 / atob / fromCharCode decode paired with eval / new Function in the same file — canonical obfuscated-loader pattern. · package/dist/bizcomponents/sandbox/messaging.js |
| high | Js Decode Then Exec | base64 / atob / fromCharCode decode paired with eval / new Function in the same file — canonical obfuscated-loader pattern. · package/dist/bizcomponents/stage/messaging.js |
| high | Js Decode Then Exec | base64 / atob / fromCharCode decode paired with eval / new Function in the same file — canonical obfuscated-loader pattern. · package/dist/bizcomponents/js/versioned/[email protected] |
| high | Js Decode Then Exec | base64 / atob / fromCharCode decode paired with eval / new Function in the same file — canonical obfuscated-loader pattern. · package/dist/bizcomponents/sandbox/versioned/[email protected] |
| high | Js Decode Then Exec | base64 / atob / fromCharCode decode paired with eval / new Function in the same file — canonical obfuscated-loader pattern. · package/dist/bizcomponents/stage/versioned/[email protected] |
| high | Js Decode Then Exec | base64 / atob / fromCharCode decode paired with eval / new Function in the same file — canonical obfuscated-loader pattern. · package/dist/bizcomponents/js/modal.js |
| high | Js Decode Then Exec | base64 / atob / fromCharCode decode paired with eval / new Function in the same file — canonical obfuscated-loader pattern. · package/dist/bizcomponents/sandbox/modal.js |
| high | Js Decode Then Exec | base64 / atob / fromCharCode decode paired with eval / new Function in the same file — canonical obfuscated-loader pattern. · package/dist/bizcomponents/stage/modal.js |
| high | Js Decode Then Exec | base64 / atob / fromCharCode decode paired with eval / new Function in the same file — canonical obfuscated-loader pattern. · package/dist/bizcomponents/js/versioned/[email protected] |
| high | Js Decode Then Exec | base64 / atob / fromCharCode decode paired with eval / new Function in the same file — canonical obfuscated-loader pattern. · package/dist/bizcomponents/sandbox/versioned/[email protected] |
| high | Js Decode Then Exec | base64 / atob / fromCharCode decode paired with eval / new Function in the same file — canonical obfuscated-loader pattern. · package/dist/bizcomponents/stage/versioned/[email protected] |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
1.87.0 | Low risk | 0 | 2026-06-11 |
1.83.0 | Low risk | 0 | 2026-06-08 |
1.86.0 | Low risk | 0 | 2026-06-08 |
1.84.1 | Review | 15 | 2026-05-28 |
1.85.0 | Review | 15 | 2026-05-28 |
Block this in CI
pkgradar gate --ecosystem npm @paypal/[email protected]