npm · registry.npmjs.org
rebill
Js Split Join Obfuscation: Array-of-single-tokens joined to form a string — used to obscure module names like require(["n","o","de",":","cr","yp","to"].join("")), defeating static require() analysis.
Why PkgRadar flagged 1.17.23
| Severity | Signal | Evidence |
|---|---|---|
| high | Js Split Join Obfuscation | Array-of-single-tokens joined to form a string — used to obscure module names like require(["n","o","de",":","cr","yp","to"].join("")), defeating static require() analysis. · package/dist/esm/lottie-E0pOygkZ.js |
| high | Js Split Join Obfuscation | Array-of-single-tokens joined to form a string — used to obscure module names like require(["n","o","de",":","cr","yp","to"].join("")), defeating static require() analysis. · package/dist/cjs/lottie-NxKK9TIf.js |
| high | Js Split Join Obfuscation | Array-of-single-tokens joined to form a string — used to obscure module names like require(["n","o","de",":","cr","yp","to"].join("")), defeating static require() analysis. · package/dist/components/p-GK75wIKe.js |
| high | Js Split Join Obfuscation | Array-of-single-tokens joined to form a string — used to obscure module names like require(["n","o","de",":","cr","yp","to"].join("")), defeating static require() analysis. · package/dist/rebill/p-GK75wIKe.js |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
1.17.23 | Review | 25 | 2026-06-03 |
1.17.23-beta.1 | Review | 25 | 2026-06-03 |
1.17.22 | Review | 25 | 2026-06-02 |
1.17.21 | Review | 25 | 2026-06-02 |
1.17.20-beta.1 | Review | 25 | 2026-06-01 |
1.18.0-beta.2 | Review | 25 | 2026-06-01 |
1.18.0-beta.0 | Review | 25 | 2026-05-29 |
1.18.0-beta.1 | Review | 25 | 2026-05-29 |
1.17.20 | Review | 6 | 2026-05-28 |
1.17.19-beta.0 | Review | 6 | 2026-05-27 |
1.17.19 | Review | 6 | 2026-05-27 |
1.17.18-beta.4 | Review | 6 | 2026-05-27 |
1.17.18 | Review | 6 | 2026-05-27 |
Block this in CI
pkgradar gate --ecosystem npm [email protected]