npm · registry.npmjs.org

cerevox

Js Decode Then Exec: base64 / atob / fromCharCode decode paired with eval / new Function in the same file — canonical obfuscated-loader pattern.

Why PkgRadar flagged 4.72.1

Severity	Signal	Evidence
high	Js Decode Then Exec	base64 / atob / fromCharCode decode paired with eval / new Function in the same file — canonical obfuscated-loader pattern. · package/dist/mcp/servers/browser-use.js

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`4.77.1`	Low risk	0	2026-06-09
`4.77.0`	Low risk	0	2026-06-06
`4.76.4`	Low risk	0	2026-06-05
`4.76.3`	Low risk	0	2026-06-03
`4.76.2`	Low risk	0	2026-06-03
`4.76.1`	Low risk	0	2026-06-02
`4.76.0`	Low risk	0	2026-06-02
`4.75.0`	Low risk	0	2026-06-02
`4.74.0`	Low risk	0	2026-06-01
`4.73.0`	Low risk	0	2026-05-30
`4.72.1`	Review	31	2026-05-28
`4.72.0`	Low risk	0	2026-05-27
`4.71.2`	Low risk	0	2026-05-26
`4.71.1`	Low risk	0	2026-05-25
`4.71.0`	Low risk	0	2026-05-25
`4.70.4`	Low risk	0	2026-05-24
`4.70.1`	Low risk	0	2026-05-24

Block this in CI

PkgRadar gates cerevox (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]