PkgRadar

npm · registry.npmjs.org

overmind-mcp

Js Hidden Powershell: Hidden / non-interactive PowerShell invocation in package code — `-WindowStyle Hidden`, `irm | iex`, `windowsHide: true`, or equivalent — used to download-and-run payloads on Windows installers.

Why PkgRadar flagged 2.8.50

| Severity | Signal | Evidence |
|---|---|---|
| high | Js Hidden Powershell | Hidden / non-interactive PowerShell invocation in package code — `-WindowStyle Hidden`, `irm \| iex`, `windowsHide: true`, or equivalent — used to download-and-run payloads on Windows installers. · package/dist/lib/InstallHelper.js |
| medium | Remote Payload | matched "curl " · package/bin/install-overmind-native.sh |
| medium | Remote Payload | matched "curl " · package/bin/install-overmind-unix.sh |

Scanned versions

| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
| 2.8.50 | High risk | 55 | 2026-06-13 |
| 2.8.49 | High risk | 55 | 2026-06-13 |
| 2.8.48 | High risk | 55 | 2026-06-13 |
| 2.8.47 | High risk | 55 | 2026-06-13 |
| 2.8.46 | High risk | 55 | 2026-06-12 |
| 2.8.45 | High risk | 55 | 2026-06-12 |
| 2.8.3 | High risk | 87 | 2026-06-10 |
| 2.8.6 | High risk | 87 | 2026-06-10 |
| 2.8.44 | High risk | 79 | 2026-06-10 |
| 2.8.43 | High risk | 79 | 2026-06-10 |
| 2.8.40 | High risk | 79 | 2026-06-10 |
| 2.8.37 | High risk | 79 | 2026-06-10 |
| 2.8.35 | High risk | 79 | 2026-06-10 |
| 2.8.34 | High risk | 79 | 2026-06-10 |
| 2.8.28 | High risk | 79 | 2026-06-10 |
| 2.8.30 | High risk | 79 | 2026-06-10 |
| 2.8.27 | High risk | 79 | 2026-06-10 |
| 2.8.26 | High risk | 79 | 2026-06-10 |
| 2.8.25 | High risk | 79 | 2026-06-10 |
| 2.8.24 | High risk | 79 | 2026-06-10 |
| 2.8.23 | High risk | 79 | 2026-06-10 |
| 2.8.22 | High risk | 79 | 2026-06-10 |
| 2.8.21 | High risk | 79 | 2026-06-10 |
| 2.8.19 | High risk | 79 | 2026-06-10 |
| 2.8.15 | High risk | 79 | 2026-06-10 |
| 2.8.14 | High risk | 79 | 2026-06-10 |
| 2.8.13 | High risk | 79 | 2026-06-10 |
| 2.8.12 | High risk | 79 | 2026-06-10 |
| 2.8.11 | High risk | 79 | 2026-06-10 |
| 2.8.10 | High risk | 79 | 2026-06-10 |
| 2.8.9 | High risk | 67 | 2026-06-10 |
| 2.8.8 | High risk | 67 | 2026-06-10 |
| 2.8.7 | High risk | 67 | 2026-06-10 |

Block this in CI

PkgRadar gates overmind-mcp (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]