Package evidence
@factiii/[email protected]
Js Hidden Powershell: Hidden / non-interactive PowerShell invocation in package code — `-WindowStyle Hidden`, `irm | iex`, `windowsHide: true`, or equivalent — used to download-and-run payloads on Windows installers.
Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Versions published
- 189
- First published
- Feb 2026
- Publisher
- jsnyder10
Recommended action
Review before promotingMixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["@factiii/[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["@factiii/[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
Js Hidden Powershell: Hidden / non-interactive PowerShell invocation in package code — `-WindowStyle Hidden`, `irm | iex`, `windowsHide: true`, or equivalent — used to download-and-run payloads on Windows installers.
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk review · score 135 · status changed
Evidence
Static findings
21 static · 0 from release diff · showing high-signal first.
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| high | Js Hidden Powershell | package/dist/plugins/servers/windows/index.js | Hidden / non-interactive PowerShell invocation in package code — `-WindowStyle Hidden`, `irm | iex`, `windowsHide: true`, or equivalent — used to download-and-run payloads on Windows installers. | 45 |
| medium | Credential file access | package/dist/plugins/pipelines/factiii/index.js | matched ".ssh/" | 10 |
Show all 21 findings (low-signal and informational)
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| high | Js Hidden Powershell | package/dist/plugins/servers/windows/index.js | Hidden / non-interactive PowerShell invocation in package code — `-WindowStyle Hidden`, `irm | iex`, `windowsHide: true`, or equivalent — used to download-and-run payloads on Windows installers. | 45 |
| medium | Credential file access | package/dist/plugins/pipelines/factiii/index.js | matched ".ssh/" | 10 |
| low | Credential file access | package/dist/plugins/pipelines/aws/utils/aws-helpers.js | matched "aws_access_key" | 5 |
| low | Credential file access | package/dist/plugins/pipelines/aws/scanfix/credentials.js | matched "AWS_SECRET_ACCESS_KEY" | 5 |
| low | Credential file access | package/dist/cli/deploy.js | matched ".ssh/" | 5 |
| low | Credential file access | package/dist/cli/dev-reset.js | matched ".ssh/" | 5 |
| low | Credential file access | package/dist/plugins/pipelines/factiii/scanfix/env-files.js | matched "AWS_ACCESS_KEY" | 5 |
| low | Credential file access | package/dist/plugins/pipelines/aws/scanfix/iam.js | matched ".aws/" | 5 |
| low | Credential file access | package/dist/plugins/pipelines/aws/index.js | matched ".ssh/" | 5 |
| low | Credential file access | package/dist/plugins/servers/mac/index.js | matched ".ssh/" | 5 |
| low | Credential file access | package/dist/plugins/servers/ubuntu/index.js | matched ".ssh/" | 5 |
| low | Credential file access | package/dist/plugins/pipelines/aws/prod.js | matched "AWS_ACCESS_KEY" | 5 |
| low | Credential file access | package/dist/plugins/pipelines/factiii/prod.js | matched ".aws/" | 5 |
| low | Credential file access | package/dist/cli/scan.js | matched ".ssh/" | 5 |
| low | Credential file access | package/dist/utils/secret-prompts.js | matched ".ssh/" | 5 |
| low | Credential file access | package/dist/cli/secrets.js | matched "AWS_SECRET_ACCESS_KEY" | 5 |
| low | Credential file access | package/dist/plugins/pipelines/factiii/scanfix/secrets.js | matched ".ssh/" | 5 |
| low | Credential file access | package/dist/plugins/pipelines/aws/scanfix/ssh-bridge.js | matched ".ssh/" | 5 |
| low | Credential file access | package/dist/utils/ssh-helper.js | matched ".ssh/" | 5 |
| low | Credential file access | package/dist/plugins/pipelines/factiii/scanfix/ssh-verify.js | matched ".ssh/" | 5 |
| low | Credential file access | package/dist/utils/template-generator.js | matched "AWS_ACCESS_KEY" | 5 |
Manifest
Package metadata
Scripts10
buildtsc && npm run copy-assetsbuild:watchtsc --watchcleannode -e "const fs=require('fs');if(fs.existsSync('dist'))fs.rmSync('dist',{recursive:true,force:true})"copy-assetsnode -e "const fs=require('fs'),p=require('path');fs.cpSync('src/plugins/approved.json','dist/plugins/approved.json');const d='dist/plugins/pipelines/factiii/workflows';fs.mkdirSync(d,{recursive:true});for(const f of fs.readdirSync('src/plugins/pipelines/factiii/workflows').filter(f=>f.endsWith('.yml')))fs.cpSync(p.join('src/plugins/pipelines/factiii/workflows',f),p.join(d,f));const pd='dist/plugins/pipelines/aws/policies';fs.mkdirSync(pd,{recursive:true});for(const f of fs.readdirSync('src/plugins/pipelines/aws/policies').filter(f=>f.endsWith('.json')))fs.cpSync(p.join('src/plugins/pipelines/aws/policies',f),p.join(pd,f))"prebuildnpm run cleanprepublish-checknode -e "const v=require('./package.json').version; if(v.includes('-d')){console.error('Cannot publish dev version:',v); process.exit(1)}"testjesttest:coveragejest --coveragetest:watchjest --watchtypechecktsc --noEmit
Dependencies15
@aws-sdk/client-ec2^3.750.0@aws-sdk/client-ec2-instance-connect^3.1001.0@aws-sdk/client-ecr^3.750.0@aws-sdk/client-iam^3.750.0@aws-sdk/client-rds^3.750.0@aws-sdk/client-route-53^3.1001.0@aws-sdk/client-s3^3.750.0@aws-sdk/client-ses^3.750.0@aws-sdk/client-sts^3.750.0@factiii/auth0.11.1@octokit/rest^20.0.2ansible-vault^1.3.0commander^11.1.0js-yaml^4.1.1libsodium-wrappers^0.7.11