npm · registry.npmjs.org
retold-content-system
Remote Payload: matched "wget "
Why PkgRadar flagged 1.0.28
| Severity | Signal | Evidence |
|---|---|---|
| medium | Remote Payload | matched "wget " · package/html/codejar-bundle.js |
| medium | Obfuscation Density | high encoded/escaped-token density · package/html/codejar-bundle.js |
| medium | Remote Payload | matched "wget " · package/web-application/codejar-bundle.js |
| medium | Obfuscation Density | high encoded/escaped-token density · package/web-application/codejar-bundle.js |
| medium | Obfuscation Density | high encoded/escaped-token density · package/html/codemirror-bundle.js |
| medium | Obfuscation Density | high encoded/escaped-token density · package/web-application/codemirror-bundle.js |
| medium | Large Javascript Payload | 3092366 bytes · package/web-application/retold-content-system.compatible.js |
| medium | Large Javascript Payload | 2932037 bytes · package/web-application/retold-content-system.js |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
1.0.28 | Review | 44 | 2026-05-25 |
1.0.29 | Review | 54 | 2026-05-25 |
Related campaigns
- stevenvelozo — 6 releases, max score 299
Block this in CI
pkgradar gate --ecosystem npm [email protected]