PkgRadar

npm · registry.npmjs.org

@scandiumsys/owstra-rules

Js Hidden Powershell: Hidden / non-interactive PowerShell invocation in package code — `-WindowStyle Hidden`, `irm | iex`, `windowsHide: true`, or equivalent — used to download-and-run payloads on Windows installers.

Why PkgRadar flagged 1.1.2

SeveritySignalEvidence
highJs Hidden PowershellHidden / non-interactive PowerShell invocation in package code — `-WindowStyle Hidden`, `irm | iex`, `windowsHide: true`, or equivalent — used to download-and-run payloads on Windows installers. · package/dist/languages/csharp/csharp-lang-security-ssrf.js
highJs Hidden PowershellHidden / non-interactive PowerShell invocation in package code — `-WindowStyle Hidden`, `irm | iex`, `windowsHide: true`, or equivalent — used to download-and-run payloads on Windows installers. · package/dist/languages/csharp/lang-security-ssrf.js
highJs Hidden PowershellHidden / non-interactive PowerShell invocation in package code — `-WindowStyle Hidden`, `irm | iex`, `windowsHide: true`, or equivalent — used to download-and-run payloads on Windows installers. · package/src/languages/csharp/csharp-lang-security-ssrf.ts
highJs Hidden PowershellHidden / non-interactive PowerShell invocation in package code — `-WindowStyle Hidden`, `irm | iex`, `windowsHide: true`, or equivalent — used to download-and-run payloads on Windows installers. · package/src/languages/csharp/lang-security-ssrf.ts

Scanned versions

VersionVerdictScoreScanned (UTC)
1.1.2Review602026-06-01
1.1.4Review602026-06-01

Block this in CI

PkgRadar gates @scandiumsys/owstra-rules (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @scandiumsys/[email protected]
Start free — 25 scans / moView full evidence