npm · registry.npmjs.org

codeam-cli

Js Hidden Powershell: Hidden / non-interactive PowerShell invocation in package code — `-WindowStyle Hidden`, `irm | iex`, `windowsHide: true`, or equivalent — used to download-and-run payloads on Windows installers.

Why PkgRadar flagged 2.39.27

Severity	Signal	Evidence
high	Js Hidden Powershell	Hidden / non-interactive PowerShell invocation in package code — `-WindowStyle Hidden`, `irm \| iex`, `windowsHide: true`, or equivalent — used to download-and-run payloads on Windows installers. · package/dist/index.js
high	Install Lifecycle Suppresses Failure	postinstall="node dist/postinstall.js \|\| true" · package.json

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`2.39.27`	High risk	49	2026-06-17
`2.39.26`	High risk	49	2026-06-17
`2.39.24`	High risk	49	2026-06-17
`2.39.25`	High risk	49	2026-06-17
`2.39.23`	High risk	49	2026-06-17
`2.39.22`	High risk	49	2026-06-16
`2.39.21`	High risk	49	2026-06-16
`2.39.20`	High risk	49	2026-06-15
`2.39.19`	High risk	49	2026-06-15
`2.39.18`	High risk	49	2026-06-14
`2.39.17`	High risk	49	2026-06-14
`2.39.16`	High risk	49	2026-06-14
`2.39.15`	High risk	49	2026-06-14
`2.39.14`	High risk	49	2026-06-14
`2.39.13`	High risk	49	2026-06-14
`2.39.12`	High risk	35	2026-06-13
`2.39.11`	High risk	35	2026-06-13
`2.39.10`	High risk	35	2026-06-13
`2.39.9`	High risk	35	2026-06-13
`2.39.8`	High risk	35	2026-06-13
`2.39.7`	High risk	35	2026-06-13
`2.39.6`	High risk	35	2026-06-13
`2.39.5`	High risk	35	2026-06-13
`2.39.4`	High risk	35	2026-06-12
`2.39.3`	High risk	35	2026-06-12
`2.39.2`	High risk	35	2026-06-12
`2.39.1`	High risk	35	2026-06-12
`2.39.0`	High risk	35	2026-06-12
`2.38.0`	High risk	35	2026-06-12
`2.37.3`	High risk	49	2026-06-11
`2.37.2`	High risk	49	2026-06-11
`2.37.1`	High risk	49	2026-06-11
`2.37.0`	High risk	49	2026-06-11
`2.36.5`	High risk	49	2026-06-11
`2.36.4`	High risk	49	2026-06-11
`2.36.2`	High risk	49	2026-06-11
`2.36.3`	High risk	49	2026-06-11
`2.36.0`	High risk	49	2026-06-11
`2.36.1`	High risk	49	2026-06-11
`2.35.9`	High risk	49	2026-06-11
`2.35.8`	High risk	49	2026-06-10
`2.35.7`	High risk	49	2026-06-10
`2.35.6`	High risk	49	2026-06-10
`2.35.5`	High risk	49	2026-06-10
`2.35.4`	High risk	49	2026-06-10
`2.35.2`	High risk	49	2026-06-10
`2.35.3`	High risk	49	2026-06-10
`2.35.1`	High risk	49	2026-06-10
`2.35.0`	High risk	49	2026-06-10
`2.23.18`	High risk	49	2026-06-10
`2.23.16`	High risk	70	2026-06-10
`2.23.17`	High risk	70	2026-06-10
`2.23.13`	High risk	70	2026-06-10
`2.23.14`	High risk	49	2026-06-10
`2.23.10`	High risk	49	2026-06-10
`2.23.8`	High risk	70	2026-06-10
`2.23.9`	High risk	49	2026-06-10
`2.23.5`	High risk	49	2026-06-10
`2.34.0`	High risk	49	2026-06-10
`2.33.0`	High risk	70	2026-06-10
`2.32.10`	High risk	70	2026-06-10
`2.32.9`	High risk	49	2026-06-10
`2.32.8`	High risk	70	2026-06-10
`2.32.7`	High risk	49	2026-06-10
`2.32.6`	High risk	49	2026-06-10
`2.32.5`	High risk	70	2026-06-10
`2.32.4`	High risk	70	2026-06-10
`2.32.3`	High risk	70	2026-06-10
`2.32.2`	High risk	70	2026-06-10
`2.32.1`	High risk	49	2026-06-10
`2.32.0`	High risk	49	2026-06-10
`2.31.0`	High risk	49	2026-06-10
`2.30.0`	High risk	49	2026-06-10
`2.29.0`	High risk	49	2026-06-10
`2.28.1`	High risk	49	2026-06-10
`2.28.0`	High risk	49	2026-06-10
`2.27.16`	High risk	49	2026-06-10
`2.27.15`	High risk	49	2026-06-10
`2.27.14`	High risk	49	2026-06-10
`2.27.13`	High risk	49	2026-06-10
`2.27.12`	High risk	49	2026-06-10
`2.27.11`	High risk	49	2026-06-10
`2.27.10`	High risk	49	2026-06-10
`2.27.9`	High risk	49	2026-06-10
`2.27.7`	High risk	70	2026-06-10
`2.27.8`	High risk	49	2026-06-10
`2.27.5`	High risk	49	2026-06-10
`2.27.6`	High risk	70	2026-06-10
`2.27.4`	High risk	70	2026-06-10
`2.27.3`	High risk	70	2026-06-10
`2.27.2`	High risk	49	2026-06-10
`2.27.1`	High risk	70	2026-06-10
`2.27.0`	High risk	49	2026-06-10
`2.26.16`	High risk	49	2026-06-10
`2.26.15`	High risk	49	2026-06-10
`2.26.14`	High risk	70	2026-06-10
`2.26.12`	High risk	70	2026-06-10
`2.26.13`	High risk	70	2026-06-10
`2.26.10`	High risk	49	2026-06-10
`2.26.11`	High risk	49	2026-06-10
`2.26.4`	High risk	70	2026-06-10
`2.26.5`	High risk	49	2026-06-10
`2.25.0`	High risk	49	2026-06-10
`2.24.0`	High risk	49	2026-06-10
`2.23.37`	High risk	49	2026-06-10
`2.23.36`	High risk	49	2026-06-10
`2.23.34`	High risk	49	2026-06-10
`2.23.35`	High risk	49	2026-06-10
`2.23.33`	High risk	49	2026-06-10
`2.23.32`	High risk	49	2026-06-10
`2.23.31`	High risk	49	2026-06-10
`2.23.30`	High risk	49	2026-06-10
`2.23.29`	High risk	49	2026-06-10
`2.23.28`	High risk	49	2026-06-10
`2.23.27`	High risk	49	2026-06-10
`2.23.26`	High risk	49	2026-06-10
`2.23.25`	High risk	49	2026-06-10
`2.23.24`	High risk	49	2026-06-10
`2.23.23`	High risk	49	2026-06-10
`2.23.22`	High risk	49	2026-06-10
`2.23.21`	High risk	49	2026-06-10
`2.23.20`	High risk	49	2026-06-10
`2.23.4`	High risk	49	2026-06-10
`2.23.3`	High risk	49	2026-06-10
`2.23.0`	High risk	49	2026-06-10
`2.23.1`	High risk	49	2026-06-10
`2.22.0`	High risk	49	2026-06-10
`2.22.1`	High risk	49	2026-06-10
`2.21.2`	High risk	49	2026-06-10
`2.23.19`	High risk	70	2026-06-10
`2.19.0`	High risk	49	2026-06-10
`2.18.2`	High risk	70	2026-06-10
`2.21.0`	High risk	70	2026-06-10
`2.20.2`	High risk	70	2026-06-10
`2.21.1`	High risk	70	2026-06-10
`2.20.0`	High risk	49	2026-06-10
`2.20.3`	High risk	49	2026-06-10
`2.18.1`	High risk	70	2026-06-10
`2.20.1`	High risk	70	2026-06-10

Block this in CI

PkgRadar gates codeam-cli (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]

Start free — 25 scans / mo View full evidence