npm · registry.npmjs.org
@powerhousedao/ph-clint-app
Js Decode Then Exec: base64 / atob / fromCharCode decode paired with eval / new Function in the same file — canonical obfuscated-loader pattern.
Why PkgRadar flagged 0.1.0-dev.79
| Severity | Signal | Evidence |
|---|---|---|
| high | Js Decode Then Exec | base64 / atob / fromCharCode decode paired with eval / new Function in the same file — canonical obfuscated-loader pattern. · package/dist/connect/assets/dist-a96Z1QmW.js |
| high | Js Decode Then Exec | base64 / atob / fromCharCode decode paired with eval / new Function in the same file — canonical obfuscated-loader pattern. · package/dist/connect/assets/dist-QVIUm2cb.js |
| high | Js Decode Then Exec | base64 / atob / fromCharCode decode paired with eval / new Function in the same file — canonical obfuscated-loader pattern. · package/dist/connect/assets/pg_dump-CIr5PAEi.js |
| high | Js Decode Then Exec | base64 / atob / fromCharCode decode paired with eval / new Function in the same file — canonical obfuscated-loader pattern. · package/dist/connect/assets/pglite.worker-8zkRavra.js |
| high | Js Decode Then Exec | base64 / atob / fromCharCode decode paired with eval / new Function in the same file — canonical obfuscated-loader pattern. · package/dist/connect/assets/pglite.worker.legacy-BXvZd2ux.js |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
0.1.0-dev.87 | Low risk | 0 | 2026-06-12 |
0.1.0-dev.86 | Low risk | 0 | 2026-06-11 |
0.1.0-dev.85 | Low risk | 0 | 2026-06-11 |
0.1.0-dev.84 | Low risk | 0 | 2026-06-10 |
0.1.0-dev.83 | Low risk | 0 | 2026-06-05 |
0.1.0-dev.82 | Low risk | 0 | 2026-06-03 |
0.1.0-dev.81 | Low risk | 0 | 2026-06-03 |
0.1.0-dev.80 | Low risk | 0 | 2026-06-02 |
0.1.0-dev.79 | Review | 50 | 2026-05-29 |
0.1.0-dev.77 | Review | 5 | 2026-05-27 |
0.1.0-dev.78 | Review | 5 | 2026-05-27 |
Block this in CI
pkgradar gate --ecosystem npm @powerhousedao/[email protected]