Loading the latest scan…
npm · registry.npmjs.org
Remote Shell Cradle, Js Decode Then Exec, Shell Credential File Read +8 more
Why PkgRadar flagged 1.4.7
| Severity | Signal | Evidence |
|---|---|---|
| high | Remote Shell Cradle | — |
| high | Remote Shell Cradle | — |
| high | Js Decode Then Exec | — |
| high | Shell Credential File Read | — |
| high | Remote Shell Cradle | — |
| high | Shell Credential File Read | — |
| high | Reverse Shell | — |
| high | Webhook Exfil Endpoint | — |
| high | Webhook Exfil Endpoint | — |
| high | Webhook Exfil Endpoint | — |
| high | Webhook Exfil Endpoint | — |
| high | Reverse Shell | — |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
1.4.7 | High risk | 545 | 2026-07-17 |
1.4.5 | High risk | 508 | 2026-07-17 |
1.4.1 | High risk | 152 | 2026-07-15 |
1.2.0 | High risk | 108 | 2026-07-04 |
1.3.0 | High risk | 108 | 2026-07-04 |
1.4.0 | High risk | 108 | 2026-07-04 |
1.0.0 | High risk | 307 | 2026-06-23 |
1.0.1 | High risk | 307 | 2026-06-23 |
1.1.0 | High risk | 3 | 2026-06-04 |
Related campaigns
Block this in CI
pkgradar gate --ecosystem npm @evalguard/[email protected]