npm · registry.npmjs.org
bingocode
Js Hidden Powershell: Hidden / non-interactive PowerShell invocation in package code — `-WindowStyle Hidden`, `irm | iex`, `windowsHide: true`, or equivalent — used to download-and-run payloads on Windows installers.
Why PkgRadar flagged 1.1.172
| Severity | Signal | Evidence |
|---|---|---|
| high | Js Hidden Powershell | Hidden / non-interactive PowerShell invocation in package code — `-WindowStyle Hidden`, `irm | iex`, `windowsHide: true`, or equivalent — used to download-and-run payloads on Windows installers. · package/src/tools/PowerShellTool/pathValidation.ts |
| high | Js Hidden Powershell | Hidden / non-interactive PowerShell invocation in package code — `-WindowStyle Hidden`, `irm | iex`, `windowsHide: true`, or equivalent — used to download-and-run payloads on Windows installers. · package/src/utils/permissions/permissions.ts |
| high | Js Hidden Powershell | Hidden / non-interactive PowerShell invocation in package code — `-WindowStyle Hidden`, `irm | iex`, `windowsHide: true`, or equivalent — used to download-and-run payloads on Windows installers. · package/src/utils/permissions/yoloClassifier.ts |
| medium | Remote Payload | matched "raw.githubusercontent.com" · package/src/utils/plugins/installCounts.ts |
| medium | Remote Payload | matched "raw.githubusercontent.com" · package/src/utils/releaseNotes.ts |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
1.1.172 | High risk | 72 | 2026-06-13 |
1.1.156 | High risk | 72 | 2026-06-13 |
1.1.155 | High risk | 72 | 2026-06-13 |
1.1.154 | High risk | 72 | 2026-06-13 |
1.1.173 | High risk | 104 | 2026-06-12 |
1.1.152 | High risk | 72 | 2026-06-10 |
1.1.153 | High risk | 72 | 2026-06-10 |
1.1.151 | High risk | 72 | 2026-06-10 |
1.1.149 | High risk | 104 | 2026-06-10 |
1.1.150 | High risk | 72 | 2026-06-10 |
1.1.142 | High risk | 72 | 2026-06-10 |
1.1.144 | High risk | 72 | 2026-06-10 |
1.1.143 | High risk | 72 | 2026-06-10 |
1.1.137 | High risk | 72 | 2026-06-10 |
1.1.171 | High risk | 72 | 2026-06-10 |
1.1.170 | High risk | 72 | 2026-06-10 |
1.1.169 | High risk | 72 | 2026-06-10 |
1.1.168 | High risk | 72 | 2026-06-10 |
1.1.167 | High risk | 104 | 2026-06-10 |
1.1.166 | High risk | 72 | 2026-06-10 |
1.1.165 | High risk | 72 | 2026-06-10 |
1.1.164 | High risk | 72 | 2026-06-10 |
1.1.163 | High risk | 72 | 2026-06-10 |
1.1.162 | High risk | 72 | 2026-06-10 |
1.1.161 | High risk | 72 | 2026-06-10 |
1.1.160 | High risk | 72 | 2026-06-10 |
1.1.159 | High risk | 72 | 2026-06-10 |
1.1.158 | High risk | 72 | 2026-06-10 |
1.1.157 | High risk | 72 | 2026-06-10 |
1.1.136 | High risk | 72 | 2026-06-10 |
1.1.131 | High risk | 72 | 2026-06-10 |
1.1.133 | High risk | 72 | 2026-06-10 |
1.1.132 | High risk | 72 | 2026-06-10 |
1.1.129 | High risk | 72 | 2026-06-10 |
1.1.135 | High risk | 72 | 2026-06-10 |
1.1.134 | High risk | 72 | 2026-06-10 |
1.1.130 | High risk | 72 | 2026-06-10 |
Block this in CI
pkgradar gate --ecosystem npm [email protected]