PkgRadar

npm · registry.npmjs.org

@storybook/nextjs-vite

Js Decode Then Exec: base64 / atob / fromCharCode decode paired with eval / new Function in the same file — canonical obfuscated-loader pattern.

Why PkgRadar flagged 0.0.0-pr-34837-sha-ef2a6413

SeveritySignalEvidence
highJs Decode Then Execbase64 / atob / fromCharCode decode paired with eval / new Function in the same file — canonical obfuscated-loader pattern. · package/dist/_node-chunks/lexer-DQCqS3nf-XNDDMGG2.js

Scanned versions

VersionVerdictScoreScanned (UTC)
0.0.0-pr-35110-sha-93e5f124Low risk02026-06-17
0.0.0-pr-35110-sha-b27dbf7fLow risk02026-06-17
0.0.0-pr-35110-sha-eeba66b8Low risk02026-06-17
0.0.0-pr-35198-sha-9d05c353Low risk02026-06-17
0.0.0-pr-35178-sha-a7b9e5e7Low risk02026-06-17
0.0.0-pr-35110-sha-39978b6fLow risk02026-06-17
0.0.0-pr-35110-sha-3d3ef979Low risk02026-06-16
0.0.0-pr-34202-sha-5876846eLow risk02026-06-16
0.0.0-pr-35156-sha-452e83c1Low risk02026-06-16
10.4.6Low risk02026-06-16
10.5.0-alpha.7Low risk02026-06-16
0.0.0-pr-35164-sha-1aaf82d2Low risk02026-06-15
0.0.0-pr-35110-sha-6ea7b9f5Low risk02026-06-15
0.0.0-pr-35119-sha-875d9994Low risk02026-06-15
10.4.5Low risk02026-06-15
0.0.0-pr-34202-sha-7eb6963fLow risk02026-06-15
0.0.0-pr-35110-sha-d663f060Low risk02026-06-15
0.0.0-pr-35164-sha-fe7f4278Low risk02026-06-15
0.0.0-pr-35109-sha-176296ffLow risk02026-06-12
0.0.0-pr-35147-sha-6bc246feLow risk02026-06-12
0.0.0-pr-35110-sha-29d0b5a1Low risk02026-06-11
0.0.0-pr-34837-sha-5a29808eLow risk02026-06-11
10.4.4Low risk02026-06-11
0.0.0-pr-35110-sha-53fe3e1cLow risk02026-06-10
0.0.0-pr-35110-sha-dbef892eLow risk02026-06-10
0.0.0-pr-35125-sha-838d82b6Low risk02026-06-10
0.0.0-pr-35125-sha-eeb0bba2Low risk02026-06-10
10.5.0-alpha.6Low risk02026-06-10
0.0.0-pr-34837-sha-df272c83Low risk02026-06-10
0.0.0-pr-35115-sha-f9c23ce5Low risk02026-06-09
10.4.3Low risk02026-06-09
0.0.0-pr-35048-sha-4dcfdcfdLow risk02026-06-09
0.0.0-pr-35114-sha-17e6d055Low risk02026-06-09
0.0.0-pr-35101-sha-81c2838cLow risk02026-06-09
0.0.0-pr-34837-sha-24fd698eLow risk02026-06-08
0.0.0-pr-35078-sha-e5f7408fLow risk02026-06-06
10.5.0-alpha.5Low risk02026-06-05
0.0.0-pr-35044-sha-4ef63dcfLow risk02026-06-04
0.0.0-pr-34837-sha-bef69a85Low risk02026-06-04
0.0.0-pr-35050-sha-bd7a5628Low risk02026-06-04
0.0.0-pr-35048-sha-7c1a3349Low risk02026-06-04
0.0.0-pr-35051-sha-92d9e51aLow risk02026-06-04
0.0.0-pr-34953-sha-01ea9a40Low risk02026-06-04
0.0.0-pr-34202-sha-c1190794Low risk02026-06-03
0.0.0-pr-34202-sha-f7a9cb1bLow risk02026-06-03
0.0.0-pr-34202-sha-7c93a2e6Low risk02026-06-03
0.0.0-pr-34202-sha-9ccbc16fLow risk02026-06-03
0.0.0-pr-34953-sha-95f8d31dLow risk02026-06-03
0.0.0-pr-34953-sha-83c7bca8Low risk02026-06-02
10.5.0-alpha.4Low risk02026-06-02
0.0.0-pr-35009-sha-f04893a0Low risk02026-06-02
0.0.0-pr-34202-sha-9bc91288Low risk02026-06-01
0.0.0-pr-34976-sha-bf5dde0eLow risk02026-05-29
0.0.0-pr-34953-sha-28f97f41Low risk02026-05-29
0.0.0-pr-34202-sha-edbd40b4Low risk02026-05-29
0.0.0-pr-34953-sha-c061e099Low risk02026-05-29
0.0.0-pr-34202-sha-456c252bLow risk02026-05-29
0.0.0-pr-34837-sha-ef2a6413Review132026-05-29
0.0.0-pr-34926-sha-a0498164Review172026-05-28
0.0.0-pr-34953-sha-90d8fa9bReview172026-05-28
0.0.0-pr-34936-sha-8ab3ef66Review172026-05-28
0.0.0-pr-34837-sha-9c4ac020Review172026-05-28
0.0.0-pr-34202-sha-bc5dfdd6Review32026-05-28
0.0.0-pr-34890-sha-dad96b83Review32026-05-27
0.0.0-pr-34936-sha-cf9b0ed4Review32026-05-27
0.0.0-pr-34890-sha-4be9f903Review32026-05-27
0.0.0-pr-34890-sha-c4ba9bc2Review32026-05-26
0.0.0-pr-34890-sha-5048ee6eReview32026-05-26

Block this in CI

PkgRadar gates @storybook/nextjs-vite (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @storybook/[email protected]
Start free — 25 scans / moView full evidence