PkgRadar

PyPI · pypi.org

mercury

Js Split Join Obfuscation: Array-of-single-tokens joined to form a string — used to obscure module names like require(["n","o","de",":","cr","yp","to"].join("")), defeating static require() analysis.

Why PkgRadar flagged 3.2.1

SeveritySignalEvidence
highJs Split Join ObfuscationArray-of-single-tokens joined to form a string — used to obscure module names like require(["n","o","de",":","cr","yp","to"].join("")), defeating static require() analysis. · mercury_app/static/chunk.3f28a70b86862b4b010e.js
highJs Split Join ObfuscationArray-of-single-tokens joined to form a string — used to obscure module names like require(["n","o","de",":","cr","yp","to"].join("")), defeating static require() analysis. · mercury_app/static/chunk.40f34bf6e21ddece3431.js
highJs Split Join ObfuscationArray-of-single-tokens joined to form a string — used to obscure module names like require(["n","o","de",":","cr","yp","to"].join("")), defeating static require() analysis. · mercury_app/static/chunk.7b56766a01a25b233ce5.js
highJs Split Join ObfuscationArray-of-single-tokens joined to form a string — used to obscure module names like require(["n","o","de",":","cr","yp","to"].join("")), defeating static require() analysis. · mercury_app/static/chunk.c1ecc1a481ae0f285db1.js
highJs Split Join ObfuscationArray-of-single-tokens joined to form a string — used to obscure module names like require(["n","o","de",":","cr","yp","to"].join("")), defeating static require() analysis. · mercury_app/static/chunk.ed9d99ea72f766ea879d.js
highJs Split Join ObfuscationArray-of-single-tokens joined to form a string — used to obscure module names like require(["n","o","de",":","cr","yp","to"].join("")), defeating static require() analysis. · mercury_app/static/chunk.f2474f06a59cf728421f.js

Scanned versions

VersionVerdictScoreScanned (UTC)
3.2.1High risk252026-06-09
3.2.0High risk252026-05-30
3.1.5High risk252026-05-30
3.1.4High risk252026-05-30

Block this in CI

PkgRadar gates mercury (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi mercury==3.2.1
Start free — 25 scans / moView full evidence