Package evidence

@epicdm/[email protected]

Obfuscation: matched "atob("

Recommended action

Review before promoting

Mixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.

Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@epicdm/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@epicdm/[email protected]"],"fail_on":"review"}'

Publisherspencer.epic

Artifact bytes148,777

Previous version1.0.6

Published2026-05-19T23:56:52.494Z

SHA-25690426bad4e5aec4ba27f438a173ea2e9756dc88aac3475db2251614c3a4af213

Why flagged

What the scanner saw

Obfuscation: matched "atob("

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

review

20d agoLast checked

reviewRisk

12Score

1.0.7Version

Status history (1 event)

new → available20d ago · risk review · score 12 · status changed

Evidence

Static findings

4 static · 0 from release diff · showing high-signal first.

No high-signal findings — see all findings below.

Show all 4 findings (low-signal and informational)

Severity	Kind	Path	Detail	Points
low	Obfuscation	package/src/worker/peers/accept.ts	matched "atob("	3
low	Obfuscation	package/src/worker/crypto/keypair.ts	matched "fromCharCode"	3
low	Obfuscation	package/src/worker/auth/parse-token.ts	matched "atob("	3
low	Obfuscation	package/src/durable-object/verify-jwt.ts	matched "atob("	3

Manifest

Package metadata

Scripts23

buildtsup
build:workerwrangler deploy --dry-run --outdir=dist/worker
deploywrangler deploy
deploy:stagingwrangler deploy --env staging
devwrangler dev
generate:allyarn generate:migrations && yarn generate:rxdb && yarn generate:zod
generate:migrationsdrizzle-kit generate --config=src/drizzle/drizzle.config.ts
generate:rxdbtsx scripts/generate-rxdb-schemas.ts
generate:zodtsx scripts/generate-zod-schemas.ts
linteslint src --ext .ts
migrate-backuptsx scripts/migrate-backup.ts
migrate-backup:dry-runtsx scripts/migrate-backup.ts --dry-run
migrate-d1tsx scripts/migrate-d1-to-d1.ts
perf:benchmarktsx scripts/perf/index.ts --benchmark-only
perf:quicktsx scripts/perf/index.ts --target-size 100MB
perf:testtsx scripts/perf/index.ts
testjest
test:d1-tablestsx scripts/test-d1-tables.ts
test:e2eE2E=1 jest --testPathPatterns='tests/e2e' --runInBand
test:e2e:d1E2E=1 jest --testPathPatterns='d1-worker.e2e' --runInBand
test:e2e:rxdbE2E=1 jest --testPathPatterns='rxdb-server.e2e' --runInBand
test:watchjest --watch
typechecktsc --noEmit

Dependencies3

@epicdm/flowstate-collections1.1.8
drizzle-orm^0.45.1
rxdb16.21.1