PkgRadar

npm · registry.npmjs.org

@sanity/cli

Js Split Join Obfuscation: Array-of-single-tokens joined to form a string — used to obscure module names like require(["n","o","de",":","cr","yp","to"].join("")), defeating static require() analysis.

Why PkgRadar flagged 0.0.0-20260528100500

SeveritySignalEvidence
highJs Split Join ObfuscationArray-of-single-tokens joined to form a string — used to obscure module names like require(["n","o","de",":","cr","yp","to"].join("")), defeating static require() analysis. · package/dist/util/update/isInstalledUsingYarn.js

Scanned versions

VersionVerdictScoreScanned (UTC)
0.0.0-20260612111702Low risk02026-06-12
0.0.0-20260612101602Low risk02026-06-12
0.0.0-20260612095559Low risk02026-06-12
0.0.0-20260612092122Low risk02026-06-12
0.0.0-20260612085324Low risk02026-06-12
0.0.0-20260612080517Low risk02026-06-12
0.0.0-20260612074408Low risk02026-06-12
0.0.0-20260612071721Low risk02026-06-12
7.2.3Low risk02026-06-11
0.0.0-20260611125142Low risk02026-06-11
0.0.0-20260611115619Low risk02026-06-11
0.0.0-20260611121957Low risk02026-06-11
0.0.0-20260611113331Low risk02026-06-11
0.0.0-20260611101421Low risk02026-06-11
0.0.0-20260611092756Low risk02026-06-11
0.0.0-20260611085316Low risk02026-06-11
0.0.0-20260611083958Low risk02026-06-11
0.0.0-20260611083707Low risk02026-06-11
0.0.0-20260611083151Low risk02026-06-11
7.2.2Low risk02026-06-11
0.0.0-20260611081022Low risk02026-06-11
0.0.0-20260611075913Low risk02026-06-11
7.2.1Low risk02026-06-10
7.2.0Low risk02026-06-10
0.0.0-20260610123958Low risk02026-06-10
0.0.0-20260610102421Low risk02026-06-10
0.0.0-20260610095525Low risk02026-06-10
0.0.0-20260610094003Low risk02026-06-10
0.0.0-20260610093829Low risk02026-06-10
0.0.0-20260610082457Low risk02026-06-10
0.0.0-20260610082142Low risk02026-06-10
3.30.2-canary.46Low risk02026-06-10
7.1.0Low risk02026-06-08
7.0.1Low risk02026-06-04
7.0.2Low risk02026-06-04
7.0.0Low risk02026-06-04
6.7.2Low risk02026-06-03
0.0.0-20260603103657Low risk02026-06-03
6.7.1Low risk02026-06-02
6.7.0Low risk02026-06-02
0.0.0-20260528100500Review122026-05-28
0.0.0-20260527150220Low risk02026-05-27
0.0.0-20260527151743Low risk02026-05-27

Block this in CI

PkgRadar gates @sanity/cli (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @sanity/[email protected]
Start free — 25 scans / moView full evidence