PkgRadar

npm · registry.npmjs.org

grix-connector

Js Hidden Powershell: Hidden / non-interactive PowerShell invocation in package code — `-WindowStyle Hidden`, `irm | iex`, `windowsHide: true`, or equivalent — used to download-and-run payloads on Windows installers.

Why PkgRadar flagged 1.1.9

SeveritySignalEvidence
highJs Hidden PowershellHidden / non-interactive PowerShell invocation in package code — `-WindowStyle Hidden`, `irm | iex`, `windowsHide: true`, or equivalent — used to download-and-run payloads on Windows installers. · package/dist/core/installer/registry.js

Scanned versions

VersionVerdictScoreScanned (UTC)
1.1.9High risk552026-06-13
1.1.8High risk552026-06-13
1.1.7High risk552026-06-12
1.1.6High risk552026-06-12
1.1.5High risk552026-06-12
1.1.4High risk552026-06-12
1.1.3High risk552026-06-12
1.1.2High risk552026-06-12
1.1.1High risk552026-06-12
1.1.0High risk552026-06-12
1.0.10High risk552026-06-10
1.0.9High risk552026-06-10
1.0.8High risk552026-06-10
1.0.7Review72026-06-01
1.0.6Review72026-06-01
1.0.5Review72026-05-29
1.0.4Review152026-05-28
1.0.3Review232026-05-26
1.0.2Review342026-05-26
0.9.16Review152026-05-26
0.9.15Review152026-05-25
0.9.1Review172026-05-25
0.9.13Review222026-05-25
0.9.10Review222026-05-25
0.9.9Review222026-05-25
0.9.8Review222026-05-25
0.9.6Review222026-05-25
0.9.7Review222026-05-25
0.9.5Review222026-05-25
0.9.3Review222026-05-25
0.9.4Review222026-05-25
0.9.2Review222026-05-25
0.9.14Review222026-05-25
0.9.12Review342026-05-25

Block this in CI

PkgRadar gates grix-connector (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]
Start free — 25 scans / moView full evidence