npm · registry.npmjs.org

@yjjeong/omg

Js Hidden Powershell: Hidden / non-interactive PowerShell invocation in package code — `-WindowStyle Hidden`, `irm | iex`, `windowsHide: true`, or equivalent — used to download-and-run payloads on Windows installers.

Why PkgRadar flagged 0.1.15

Severity	Signal	Evidence
high	Js Hidden Powershell	Hidden / non-interactive PowerShell invocation in package code — `-WindowStyle Hidden`, `irm \| iex`, `windowsHide: true`, or equivalent — used to download-and-run payloads on Windows installers. · package/dist/cli/updateCheck.js

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.1.15`	Review	45	2026-06-05
`0.1.16`	Review	45	2026-06-05
`0.1.7`	Review	45	2026-06-05
`0.1.6`	Low risk	0	2026-06-05
`0.1.5`	Low risk	0	2026-06-05
`0.1.4`	Low risk	0	2026-06-05
`0.1.3`	Low risk	0	2026-06-05
`0.1.2`	Low risk	0	2026-06-05
`0.1.1`	Low risk	0	2026-06-05
`0.1.0`	Low risk	0	2026-06-04

Block this in CI

PkgRadar gates @yjjeong/omg (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @yjjeong/[email protected]

Start free — 25 scans / mo View full evidence