npm · registry.npmjs.org
@pushary/agent-hooks
Js Obfuscated Fetch Exec: Hex-decoded literal + network fetch + child-process exec — staged obfuscated-loader / dropper (hides the C2 URL from literal-URL detection).
Why PkgRadar flagged 0.18.3
| Severity | Signal | Evidence |
|---|---|---|
| high | Js Obfuscated Fetch Exec | Hex-decoded literal + network fetch + child-process exec — staged obfuscated-loader / dropper (hides the C2 URL from literal-URL detection). · package/dist/bin/pushary-setup.js |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
0.18.3 | High risk | 45 | 2026-06-20 |
0.18.2 | High risk | 45 | 2026-06-20 |
0.18.0 | Low risk | 0 | 2026-06-19 |
0.18.1 | Low risk | 0 | 2026-06-19 |
0.17.0 | Low risk | 0 | 2026-06-14 |
0.16.0 | Low risk | 0 | 2026-06-11 |
0.14.4 | Low risk | 0 | 2026-06-09 |
0.15.0 | Low risk | 0 | 2026-06-09 |
0.14.3 | Low risk | 0 | 2026-06-09 |
0.14.2 | Low risk | 0 | 2026-06-09 |
0.14.1 | Low risk | 0 | 2026-06-08 |
0.14.0 | Low risk | 0 | 2026-06-07 |
0.13.0 | Low risk | 0 | 2026-06-07 |
0.12.0 | Low risk | 0 | 2026-06-03 |
0.11.1 | Low risk | 0 | 2026-05-31 |
0.11.0 | Low risk | 0 | 2026-05-31 |
0.10.1 | Low risk | 0 | 2026-05-31 |
0.10.0 | Low risk | 0 | 2026-05-31 |
0.9.1 | Low risk | 0 | 2026-05-31 |
0.8.3 | Low risk | 0 | 2026-05-31 |
0.9.0 | Low risk | 0 | 2026-05-31 |
Block this in CI
pkgradar gate --ecosystem npm @pushary/[email protected]