PkgRadar

PyPI · pypi.org

envdrift

Js Hidden Powershell: Hidden / non-interactive PowerShell invocation in package code — `-WindowStyle Hidden`, `irm | iex`, `windowsHide: true`, or equivalent — used to download-and-run payloads on Windows installers.

Why PkgRadar flagged 10.16.1

| Severity | Signal | Evidence |
| --- | --- | --- |
| high | Js Hidden Powershell | Hidden / non-interactive PowerShell invocation in package code — `-WindowStyle Hidden`, `irm \| iex`, `windowsHide: true`, or equivalent — used to download-and-run payloads on Windows installers. · envdrift-10.16.1/envdrift-vscode/src/agentStatus.ts |
| high | Js Hidden Powershell | Hidden / non-interactive PowerShell invocation in package code — `-WindowStyle Hidden`, `irm \| iex`, `windowsHide: true`, or equivalent — used to download-and-run payloads on Windows installers. · envdrift-10.16.1/envdrift-vscode/src/encryption.ts |

Scanned versions

| Version | Verdict | Score | Scanned (UTC) |
| --- | --- | --- | --- |
| 10.16.1 | High risk | 38 | 2026-06-12 |
| 10.16.0 | High risk | 38 | 2026-06-11 |
| 10.15.1 | High risk | 38 | 2026-06-09 |
| 10.15.0 | High risk | 38 | 2026-06-09 |
| 10.14.0 | High risk | 38 | 2026-06-08 |
| 10.13.9 | High risk | 38 | 2026-06-08 |
| 10.13.8 | High risk | 38 | 2026-06-08 |
| 10.13.7 | High risk | 38 | 2026-06-07 |
| 10.13.6 | High risk | 38 | 2026-06-07 |
| 10.13.5 | High risk | 55 | 2026-06-05 |
| 10.13.4 | High risk | 55 | 2026-06-05 |
| 10.13.3 | High risk | 55 | 2026-06-05 |
| 10.13.2 | High risk | 55 | 2026-06-05 |
| 0.1.4 | High risk | 55 | 2026-06-04 |
| 10.13.0 | High risk | 55 | 2026-06-04 |
| 10.12.4 | High risk | 55 | 2026-06-03 |
| 10.12.3 | High risk | 55 | 2026-06-03 |
| 10.12.2 | High risk | 55 | 2026-06-03 |
| 10.12.1 | High risk | 55 | 2026-06-03 |
| 10.12.0 | High risk | 55 | 2026-06-02 |
| 10.11.3 | High risk | 55 | 2026-05-30 |
| 10.11.2 | High risk | 55 | 2026-05-30 |
| 0.1.3 | High risk | 55 | 2026-05-30 |
| 10.11.1 | High risk | 55 | 2026-05-30 |
| 10.11.0 | High risk | 55 | 2026-05-30 |

Block this in CI

PkgRadar gates envdrift (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi envdrift==10.16.1