npm · registry.npmjs.org
xedoc-cli
Js Split Join Obfuscation: Array-of-single-tokens joined to form a string — used to obscure module names like require(["n","o","de",":","cr","yp","to"].join("")), defeating static require() analysis.
Why PkgRadar flagged 0.1.29
| Severity | Signal | Evidence |
|---|---|---|
| high | Js Split Join Obfuscation | Array-of-single-tokens joined to form a string — used to obscure module names like require(["n","o","de",":","cr","yp","to"].join("")), defeating static require() analysis. · package/build/client/assets/header-menu-jQlfZEO-.js |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
0.1.44 | Low risk | 0 | 2026-06-14 |
0.1.45 | Low risk | 0 | 2026-06-14 |
0.1.43 | Low risk | 0 | 2026-06-12 |
0.1.42 | Low risk | 0 | 2026-06-12 |
0.1.41 | Low risk | 0 | 2026-06-12 |
0.1.40 | Low risk | 0 | 2026-06-12 |
0.1.39 | Low risk | 0 | 2026-06-12 |
0.1.38 | Low risk | 0 | 2026-06-12 |
0.1.37 | Low risk | 0 | 2026-06-09 |
0.1.36 | Low risk | 0 | 2026-06-07 |
0.1.35 | Low risk | 0 | 2026-06-07 |
0.1.34 | Low risk | 0 | 2026-06-07 |
0.1.33 | Low risk | 0 | 2026-06-06 |
0.1.32 | Low risk | 0 | 2026-05-31 |
0.1.31 | Low risk | 0 | 2026-05-31 |
0.1.29 | Review | 12 | 2026-05-29 |
0.1.30 | Review | 12 | 2026-05-29 |
0.1.24 | Review | 12 | 2026-05-29 |
0.1.25 | Review | 12 | 2026-05-29 |
0.1.22 | Review | 28 | 2026-05-28 |
0.1.23 | Review | 28 | 2026-05-28 |
0.1.20 | Low risk | 0 | 2026-05-25 |
0.1.18 | Low risk | 0 | 2026-05-25 |
0.1.17 | Low risk | 0 | 2026-05-24 |
0.1.16 | Low risk | 0 | 2026-05-24 |
0.1.15 | Low risk | 0 | 2026-05-24 |
0.1.14 | Low risk | 0 | 2026-05-24 |
0.1.13 | Low risk | 0 | 2026-05-24 |
Block this in CI
pkgradar gate --ecosystem npm [email protected]