PyPI · pypi.org

reviewboard

Js Split Join Obfuscation: Array-of-single-tokens joined to form a string — used to obscure module names like require(["n","o","de",":","cr","yp","to"].join("")), defeating static require() analysis.

Why PkgRadar flagged 8.0

Severity	Signal	Evidence
high	Js Split Join Obfuscation	Array-of-single-tokens joined to form a string — used to obscure module names like require(["n","o","de",":","cr","yp","to"].join("")), defeating static require() analysis. · reviewboard-8.0/reviewboard/htdocs/static/lib/js/3rdparty.min.8712715b7d25.js
high	Js Split Join Obfuscation	Array-of-single-tokens joined to form a string — used to obscure module names like require(["n","o","de",":","cr","yp","to"].join("")), defeating static require() analysis. · reviewboard-8.0/reviewboard/htdocs/static/lib/js/3rdparty.min.js
medium	Py Custom Build Backend	Non-standard PEP 517 build-backend `buildthings.backend` — runs custom code at install time. · pyproject.toml
medium	Obfuscation Density	high encoded/escaped-token density · reviewboard-8.0/package-lock.json
medium	Obfuscation Density	high encoded/escaped-token density · reviewboard-8.0/reviewboard/htdocs/static/lib/js/3rdparty-jsonlint.min.80ae6e818326.js
medium	Obfuscation Density	high encoded/escaped-token density · reviewboard-8.0/reviewboard/htdocs/static/lib/js/3rdparty-jsonlint.min.js
medium	Obfuscation Density	high encoded/escaped-token density · reviewboard-8.0/reviewboard/htdocs/static/lib/js/jsonlint/index.js
medium	Remote Payload	matched "curl " · reviewboard-8.0/reviewboard/manage.py

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`8.0`	Review	43	2026-05-28

Block this in CI

PkgRadar gates reviewboard (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi reviewboard==8.0

Start free — 25 scans / mo View full evidence