npm · registry.npmjs.org
mcp-agents-memory
Js Decode Then Exec: base64 / atob / fromCharCode decode paired with eval / new Function in the same file — canonical obfuscated-loader pattern.
Why PkgRadar flagged 0.9.12
| Severity | Signal | Evidence |
|---|---|---|
| high | Js Decode Then Exec | base64 / atob / fromCharCode decode paired with eval / new Function in the same file — canonical obfuscated-loader pattern. · package/build/migrations/005_provenance.js |
| high | Js Decode Then Exec | base64 / atob / fromCharCode decode paired with eval / new Function in the same file — canonical obfuscated-loader pattern. · package/build/migrations/006_canonical_validation.js |
| high | Js Decode Then Exec | base64 / atob / fromCharCode decode paired with eval / new Function in the same file — canonical obfuscated-loader pattern. · package/build/migrations/007_seed_real_models.js |
| high | Js Decode Then Exec | base64 / atob / fromCharCode decode paired with eval / new Function in the same file — canonical obfuscated-loader pattern. · package/build/migrations/008_schema_realignment.js |
| high | Js Decode Then Exec | base64 / atob / fromCharCode decode paired with eval / new Function in the same file — canonical obfuscated-loader pattern. · package/build/migrations/009_skills_tables.js |
| high | Js Decode Then Exec | base64 / atob / fromCharCode decode paired with eval / new Function in the same file — canonical obfuscated-loader pattern. · package/build/migrations/010_subject_relationships.js |
| high | Js Decode Then Exec | base64 / atob / fromCharCode decode paired with eval / new Function in the same file — canonical obfuscated-loader pattern. · package/build/migrations/011_memories_metadata.js |
| high | Js Decode Then Exec | base64 / atob / fromCharCode decode paired with eval / new Function in the same file — canonical obfuscated-loader pattern. · package/build/migrations/012_memory_sources.js |
| high | Js Decode Then Exec | base64 / atob / fromCharCode decode paired with eval / new Function in the same file — canonical obfuscated-loader pattern. · package/build/migrations/013_refresh_models.js |
| high | Js Decode Then Exec | base64 / atob / fromCharCode decode paired with eval / new Function in the same file — canonical obfuscated-loader pattern. · package/build/migrations/014_drop_legacy_facts_constraints.js |
| high | Js Decode Then Exec | base64 / atob / fromCharCode decode paired with eval / new Function in the same file — canonical obfuscated-loader pattern. · package/build/migrations/015_agent_provenance.js |
| high | Js Decode Then Exec | base64 / atob / fromCharCode decode paired with eval / new Function in the same file — canonical obfuscated-loader pattern. · package/build/migrations/016_agent_curator.js |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
0.9.14 | Low risk | 0 | 2026-06-01 |
0.9.13 | Low risk | 0 | 2026-05-31 |
0.9.11 | Low risk | 0 | 2026-05-30 |
0.9.6 | Low risk | 0 | 2026-05-30 |
0.9.10 | Low risk | 0 | 2026-05-30 |
0.9.12 | Review | 50 | 2026-05-29 |
Block this in CI
pkgradar gate --ecosystem npm [email protected]