PkgRadar

npm · registry.npmjs.org

@purpur/library

Js Split Join Obfuscation: Array-of-single-tokens joined to form a string — used to obscure module names like require(["n","o","de",":","cr","yp","to"].join("")), defeating static require() analysis.

Why PkgRadar flagged 9.8.0

SeveritySignalEvidence
highJs Split Join ObfuscationArray-of-single-tokens joined to form a string — used to obscure module names like require(["n","o","de",":","cr","yp","to"].join("")), defeating static require() analysis. · package/dist/illustrative-icon/animated-illustrative-icon-Cc88HMC8.js
highJs Split Join ObfuscationArray-of-single-tokens joined to form a string — used to obscure module names like require(["n","o","de",":","cr","yp","to"].join("")), defeating static require() analysis. · package/dist/illustrative-icon/illustrative-icon.cjs.js
highJs Split Join ObfuscationArray-of-single-tokens joined to form a string — used to obscure module names like require(["n","o","de",":","cr","yp","to"].join("")), defeating static require() analysis. · package/dist/illustrative-icon/illustrative-icon.es.js
highJs Split Join ObfuscationArray-of-single-tokens joined to form a string — used to obscure module names like require(["n","o","de",":","cr","yp","to"].join("")), defeating static require() analysis. · package/dist/illustrative-icon/animated-illustrative-icon-saKeBxEm.mjs

Scanned versions

VersionVerdictScoreScanned (UTC)
9.8.0Review502026-06-11
9.7.5Review502026-06-05
9.7.4Review502026-06-05
9.7.3Review502026-06-05
9.7.2Review502026-06-05
9.7.1Review502026-06-04
9.7.0Review502026-06-03
9.5.0Low risk02026-05-26
9.6.0Low risk02026-05-26

Block this in CI

PkgRadar gates @purpur/library (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @purpur/[email protected]
Start free — 25 scans / moView full evidence