npm · registry.npmjs.org

poe-code

Js Hidden Powershell: Hidden / non-interactive PowerShell invocation in package code — `-WindowStyle Hidden`, `irm | iex`, `windowsHide: true`, or equivalent — used to download-and-run payloads on Windows installers.

Why PkgRadar flagged 3.0.372

Severity	Signal	Evidence
high	Js Hidden Powershell	Hidden / non-interactive PowerShell invocation in package code — `-WindowStyle Hidden`, `irm \| iex`, `windowsHide: true`, or equivalent — used to download-and-run payloads on Windows installers. · package/dist/providers/claude-code.js
high	Js Hidden Powershell	Hidden / non-interactive PowerShell invocation in package code — `-WindowStyle Hidden`, `irm \| iex`, `windowsHide: true`, or equivalent — used to download-and-run payloads on Windows installers. · package/dist/providers/goose.js

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`3.0.372`	Review	15	2026-06-16
`3.0.371`	Review	15	2026-06-16
`3.0.370`	Review	15	2026-06-16
`3.0.369`	Review	15	2026-06-16
`3.0.368`	Review	15	2026-06-16
`3.0.367`	Review	15	2026-06-16
`3.0.366`	Review	15	2026-06-16
`3.0.365`	Review	15	2026-06-16
`3.0.364`	Review	15	2026-06-16
`3.0.363`	Review	15	2026-06-16
`3.0.362`	Review	15	2026-06-16
`3.0.361`	Review	15	2026-06-16
`3.0.360`	Review	15	2026-06-16
`3.0.359`	Review	15	2026-06-16
`3.0.358`	Review	15	2026-06-16
`3.0.357`	Review	15	2026-06-16
`3.0.356`	Review	15	2026-06-16
`3.0.355`	Review	15	2026-06-16
`3.0.354`	Review	15	2026-06-16
`3.0.353`	Review	15	2026-06-16
`3.0.352`	Review	15	2026-06-16
`3.0.351`	Review	15	2026-06-16
`3.0.350`	Review	15	2026-06-16
`3.0.349`	Review	15	2026-06-16
`3.0.348`	Review	15	2026-06-16
`3.0.347`	Review	15	2026-06-16
`3.0.346`	Review	15	2026-06-16
`3.0.345`	Review	15	2026-06-16
`3.0.344`	Review	15	2026-06-16
`3.0.342`	Review	15	2026-06-16
`3.0.343`	Review	15	2026-06-16
`3.0.341`	Review	15	2026-06-16
`3.0.340`	Review	15	2026-06-16
`3.0.339`	Review	15	2026-06-16
`3.0.338`	Review	15	2026-06-16
`3.0.337`	Review	15	2026-06-16
`3.0.336`	Review	15	2026-06-16
`3.0.335`	Review	15	2026-06-16
`3.0.334`	Review	15	2026-06-16
`3.0.333`	Review	15	2026-06-16
`3.0.332`	Review	15	2026-06-16
`3.0.331`	Review	15	2026-06-16
`3.0.330`	Review	15	2026-06-16
`3.0.329`	Review	15	2026-06-16
`3.0.328`	Review	15	2026-06-16
`3.0.327`	Review	15	2026-06-16
`3.0.326`	Review	15	2026-06-16
`3.0.325`	Review	15	2026-06-16
`3.0.324`	Review	15	2026-06-16
`3.0.323`	Review	15	2026-06-16
`3.0.321`	Review	15	2026-06-16
`3.0.322`	Review	15	2026-06-16
`3.0.320`	Review	15	2026-06-16
`3.0.319`	Review	15	2026-06-16
`3.0.318`	Review	15	2026-06-16
`3.0.317`	Review	15	2026-06-16
`3.0.316`	Review	15	2026-06-16
`3.0.315`	Review	15	2026-06-16
`3.0.314`	Review	15	2026-06-16
`3.0.312`	Review	15	2026-06-16
`3.0.313`	Review	15	2026-06-16
`3.0.311`	Review	15	2026-06-16
`3.0.310`	Review	15	2026-06-16
`3.0.309`	Review	15	2026-06-16
`3.0.308`	Review	15	2026-06-16
`3.0.307`	Review	15	2026-06-16
`3.0.306`	Review	15	2026-06-16
`3.0.305`	Review	15	2026-06-15
`3.0.304`	Review	15	2026-06-15
`3.0.303`	Review	15	2026-06-15
`3.0.302`	Review	15	2026-06-15
`3.0.301`	Review	15	2026-06-15
`3.0.300`	Review	15	2026-06-15
`3.0.299`	Review	15	2026-06-15
`3.0.298`	Review	15	2026-06-15
`3.0.297`	Review	15	2026-06-15
`3.0.296`	Review	15	2026-06-15
`3.0.295`	Review	15	2026-06-15
`3.0.294`	Review	15	2026-06-15
`3.0.293`	Review	15	2026-06-15
`3.0.291`	Review	15	2026-06-15
`3.0.292`	Review	15	2026-06-15
`3.0.290`	Review	15	2026-06-15
`3.0.289`	Review	15	2026-06-15
`3.0.288`	Review	15	2026-06-15
`3.0.287`	Review	15	2026-06-15
`3.0.286`	Review	15	2026-06-15
`3.0.285`	Review	15	2026-06-15
`3.0.284`	Review	15	2026-06-15
`3.0.283`	Review	15	2026-06-15
`3.0.282`	Review	15	2026-06-15
`3.0.281`	Review	15	2026-06-15
`3.0.280`	Review	15	2026-06-15
`3.0.279`	Review	15	2026-06-15
`3.0.278`	Review	15	2026-06-15
`3.0.277`	Review	15	2026-06-15
`3.0.276`	Review	15	2026-06-15
`3.0.275`	Review	15	2026-06-15
`3.0.274`	Review	15	2026-06-15
`3.0.273`	Review	15	2026-06-15
`3.0.272`	Review	15	2026-06-15
`3.0.271`	Review	15	2026-06-15
`3.0.270`	Review	15	2026-06-15
`3.0.269`	Review	15	2026-06-15
`3.0.268`	Review	15	2026-06-15
`3.0.267`	Review	15	2026-06-15
`3.0.266`	Review	15	2026-06-15
`3.0.265`	Review	15	2026-06-15
`3.0.264`	Review	15	2026-06-14
`3.0.263`	Review	15	2026-06-14
`3.0.262`	Review	15	2026-06-14
`3.0.261`	Review	15	2026-06-14
`3.0.260`	Review	15	2026-06-14
`3.0.259-beta.1`	Review	15	2026-06-14
`3.0.259`	Review	15	2026-06-14
`3.0.258`	Review	15	2026-06-14
`3.0.257`	Review	15	2026-06-12
`3.0.257-beta.1`	Review	15	2026-06-12
`3.0.256`	Review	15	2026-06-12
`3.0.256-beta.1`	Review	15	2026-06-12
`3.0.255`	Review	15	2026-06-12
`3.0.254`	Review	15	2026-06-11
`3.0.254-beta.1`	Review	15	2026-06-11
`3.0.253`	Review	15	2026-06-11
`3.0.252`	Review	15	2026-06-11
`3.0.250`	Review	15	2026-06-10
`3.0.249`	Review	15	2026-06-09
`3.0.248`	Review	15	2026-06-09
`3.0.247`	Review	15	2026-06-09
`3.0.246`	Review	15	2026-06-09
`3.0.245`	Review	15	2026-06-09
`3.0.244`	Review	15	2026-06-09
`3.0.243`	Review	15	2026-06-09
`3.0.242`	Review	15	2026-06-09
`3.0.241`	Review	16	2026-06-08
`3.0.240`	Review	16	2026-06-08
`3.0.239`	Review	16	2026-06-07
`3.0.238`	Review	16	2026-06-07
`3.0.237`	Review	16	2026-06-07
`3.0.236`	Review	16	2026-06-07
`3.0.235`	Review	16	2026-06-07
`3.0.234`	Review	16	2026-06-07
`3.0.232`	Review	16	2026-06-04
`3.0.233`	Review	16	2026-06-04
`3.0.231`	Review	16	2026-06-03
`3.0.230`	Review	16	2026-06-02
`3.0.229`	Review	16	2026-06-02
`3.0.228`	Review	12	2026-05-27
`3.0.226`	Review	12	2026-05-27
`3.0.227`	Review	12	2026-05-27

Block this in CI

PkgRadar gates poe-code (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]

Start free — 25 scans / mo View full evidence