Package evidence

@dazl/[email protected]

Obfuscation Density: high encoded/escaped-token density

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Versions published: 1
First published: May 2026
Publisher: avi.vahl

Recommended action

Review before promoting

Mixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.

Inspect tarball Add to CI gate

Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@dazl/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@dazl/[email protected]"],"fail_on":"review"}'

Publisheravi.vahl

Artifact bytes12,553,717

Previous versionnone

Published2026-05-25T13:34:11.169Z

SHA-25681f2938401a6ba210cf7d2f59afa790c91c6e554b6e5697b63ba2c9be3a13428

Why flagged

What the scanner saw

Obfuscation Density: high encoded/escaped-token density

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

review

22d agoLast checked

reviewRisk

99Score

1.0.1Version

Status history (1 event)

new → available22d ago · risk review · score 99 · status changed

Evidence

Static findings

13 static · 0 from release diff · showing high-signal first.

Severity	Kind	Path	Detail	Points
medium	Obfuscation Density	package/dist-engine/web/editor-preview.web.js	high encoded/escaped-token density	12
medium	Obfuscation Density	package/dist-engine/web/plugin-preview.web.js	high encoded/escaped-token density	12
medium	Large Javascript Payload	package/build/client/assets/editor.api2-Bcty150P.js	3626875 bytes	10
medium	Large Javascript Payload	package/build/server/assets/editor.web-B4RCFJoC.js	2124961 bytes	10
medium	Large Javascript Payload	package/dist-engine/web/editor.web.js	13697953 bytes	10
medium	Large Javascript Payload	package/build/server/index.js	3312592 bytes	10

Show all 13 findings (low-signal and informational)

Severity	Kind	Path	Detail	Points
medium	Obfuscation Density	package/dist-engine/web/editor-preview.web.js	high encoded/escaped-token density	12
medium	Obfuscation Density	package/dist-engine/web/plugin-preview.web.js	high encoded/escaped-token density	12
medium	Large Javascript Payload	package/build/client/assets/editor.api2-Bcty150P.js	3626875 bytes	10
medium	Large Javascript Payload	package/build/server/assets/editor.web-B4RCFJoC.js	2124961 bytes	10
medium	Large Javascript Payload	package/dist-engine/web/editor.web.js	13697953 bytes	10
medium	Large Javascript Payload	package/build/server/index.js	3312592 bytes	10
low	Credential file access	package/dist-engine/node/create-node-env-entrypoint.js	matched "npm_token"	5
low	Credential file access	package/dist-engine/node/dev-server.node.js	matched "npm_token"	5
low	Credential file access	package/build/client/assets/editor.web-CLp-KDmC.js	matched ".azure"	5
low	Credential file access	package/dist-engine/node/lang-server.node.js	matched "npm_token"	5
low	Credential file access	package/dist-engine/node/processing.node.js	matched "npm_token"	5
low	Credential file access	package/dist-engine/node/start-dev-server-env.js	matched "npm_token"	5
low	Credential file access	package/dist-engine/node/workspace.node.js	matched "npm_token"	5

Manifest

Package metadata

Dependencies116

@ai-sdk/anthropic^3.0.79
@ai-sdk/google-vertex^4.0.137
@aws-sdk/client-cloudwatch^3.1053.0
@aws-sdk/client-cognito-identity-provider^3.1053.0
@aws-sdk/client-s3^3.1053.0
@aws-sdk/client-sqs^3.1053.0
@aws-sdk/lib-storage^3.1053.0
@composio/core^0.10.0
@dazl/addons^1.9.0
@dazl/browser^18.10.0
@dazl/color-scheme^1.2.1
@dazl/common^18.10.0
@dazl/engine-core^52.1.0
@dazl/engine-runtime-node^52.1.0
@dazl/fs-utils^18.10.0
@dazl/internal-api-client^1.26.3
@dazl/patterns^18.10.0
@dazl/resolve-directory-context^5.1.0
@dazl/schema-client^15.5.0
@dazl/shorthands-opener^4.4.0
@dazl/tree-list^1.0.0
@dazl/typescript-schema-core^15.5.0
@dazl/typescript-schema-extract^15.5.0
@dazl/wix-media-client^1.7.0
@emmetio/abbreviation^2.3.3
@file-services/memory^11.1.0
@file-services/node^11.1.0
@file-services/overlay^11.1.0
@file-services/path^11.1.0
@file-services/resolve^11.1.0
…and 86 more.