PkgRadar

npm · registry.npmjs.org

sale-client

Js Split Join Obfuscation: Array-of-single-tokens joined to form a string — used to obscure module names like require(["n","o","de",":","cr","yp","to"].join("")), defeating static require() analysis.

Why PkgRadar flagged 3.4.136-jb

SeveritySignalEvidence
highJs Split Join ObfuscationArray-of-single-tokens joined to form a string — used to obscure module names like require(["n","o","de",":","cr","yp","to"].join("")), defeating static require() analysis. · package/build/webpack.singlepage.conf.js

Scanned versions

VersionVerdictScoreScanned (UTC)
4.3.82Low risk02026-06-12
1.3.67-aodeToV4Low risk02026-06-12
1.3.66-aodeToV4Low risk02026-06-10
3.2.13-62-lsLow risk02026-06-10
4.3.81Low risk02026-06-09
4.3.80Low risk02026-06-09
4.3.79Low risk02026-06-09
4.3.78Low risk02026-06-08
3.2.13-61-lsLow risk02026-06-08
4.3.77Low risk02026-06-05
4.3.76Low risk02026-06-05
3.7.63Low risk02026-06-05
4.3.75Low risk02026-06-05
4.3.74Low risk02026-06-04
4.3.73Low risk02026-06-04
3.7.62Low risk02026-06-03
3.2.13-36-caihonLow risk02026-06-02
3.1.175-zkLow risk02026-06-02
4.3.72Low risk02026-06-02
3.7.61Low risk02026-06-02
3.7.60Low risk02026-06-02
3.1.174-zkLow risk02026-06-01
3.7.59Low risk02026-06-01
4.3.71Low risk02026-05-29
4.3.70Low risk02026-05-29
4.3.68Low risk02026-05-28
4.3.69Low risk02026-05-28
4.3.65Low risk02026-05-28
3.4.136-jbReview122026-05-28
4.3.63Low risk02026-05-27
4.3.64Low risk02026-05-27
3.7.58Low risk02026-05-27
4.3.61Low risk02026-05-26
4.3.59Low risk02026-05-26
4.3.60Low risk02026-05-26

Block this in CI

PkgRadar gates sale-client (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]
Start free — 25 scans / moView full evidence