PkgRadar

Package evidence

[email protected]

Js Hidden Powershell: Hidden / non-interactive PowerShell invocation in package code — `-WindowStyle Hidden`, `irm | iex`, `windowsHide: true`, or equivalent — used to download-and-run payloads on Windows installers.

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads
656
Versions published
54
First published
Mar 2026
Publisher
sid.mathur

Recommended action

Block this update

Static evidence trips multiple high-signal indicators. Quarantine the release until the publisher validates the change or you can rule out the indicators below.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["[email protected]"],"fail_on":"high"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["[email protected]"],"fail_on":"high"}'
Publishersid.mathur
Artifact bytes405,082
Previous version2.0.165
Published2026-06-12T03:11:18.181Z
SHA-256d161c3f5e18ff58eff26d9c0be3a2dbaa11dcbe5b9a2c4e229be20c1ee77a6a7

Why flagged

What the scanner saw

Js Hidden Powershell: Hidden / non-interactive PowerShell invocation in package code — `-WindowStyle Hidden`, `irm | iex`, `windowsHide: true`, or equivalent — used to download-and-run payloads on Windows installers.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

high
Last checked
highRisk
50Score
2.0.166Version
Status history (1 event)
  1. newavailable · risk high · score 50 · status changed

Evidence

Static findings

2 static · 0 from release diff · showing high-signal first.

SeverityKindPathDetailPoints
highJs Hidden Powershellpackage/dist/src/cli/commands/add-provider.jsHidden / non-interactive PowerShell invocation in package code — `-WindowStyle Hidden`, `irm | iex`, `windowsHide: true`, or equivalent — used to download-and-run payloads on Windows installers.45
Show all 2 findings (low-signal and informational)
SeverityKindPathDetailPoints
highJs Hidden Powershellpackage/dist/src/cli/commands/add-provider.jsHidden / non-interactive PowerShell invocation in package code — `-WindowStyle Hidden`, `irm | iex`, `windowsHide: true`, or equivalent — used to download-and-run payloads on Windows installers.45
lowInstall-time lifecycle scriptpackage.jsonpostinstall="node ./bin/fraim.js sync --skip-updates || echo 'FRAIM setup skipped.'"5

Manifest

Package metadata

Scripts56
  • backfill:persona-entitlementstsx scripts/backfill-persona-entitlements.ts
  • buildtsx scripts/build-fraim-config-schema-template.ts && npm run typecheck:scripts && tsc && npm run build:stubs && npm run build:fraim-brain && node scripts/copy-registry.js && npm run validate:registry && npm run validate:fraim-pro-assets && npm run validate:employee-catalog && npm run validate:learning-format-contract && tsx scripts/validate-purity.ts
  • build:fraim-brainnode scripts/generate-fraim-brain.js
  • build:stubstsx scripts/build-stub-registry.ts
  • devtsx --watch src/fraim-mcp-server.ts > server.log 2>&1
  • dev:fraimtsx --watch src/fraim-mcp-server.ts
  • dev:prodnpm run build && node dist/src/fraim-mcp-server.js > server.log 2>&1
  • firstrun:devtsx scripts/start-firstrun-dev.ts
  • fix-keytsx scripts/fraim/fix-expired-key.ts
  • fraim:initnpm run build && node index.js init
  • fraim:syncnode index.js sync --local
  • hub:desktopnpm run build && electron dist/src/ai-hub/desktop-main.js
  • hub:devtsx scripts/start-hub-dev.ts
  • manage-keystsx scripts/fraim/manage-keys.ts
  • manage-teamstsx scripts/fraim/manage-teams.ts
  • partner-discountstsx scripts/fraim/manage-partner-discounts.ts
  • postinstallnode ./bin/fraim.js sync --skip-updates || echo 'FRAIM setup skipped.'
  • prepublishOnlynpm run build
  • publish-bothnode scripts/publish-both.js
  • publish-both-manualnode scripts/publish-both.js
  • publish-fraim-onlynode scripts/publish-fraim.js
  • releasenpm version patch && npm run publish-both
  • serve:websitenode fraim-pro/serve.js
  • setup-stripe-webhooktsx scripts/fraim/setup-stripe-webhook.ts
  • start:fraimtsx src/fraim-mcp-server.ts
  • testnode scripts/test-with-server.js
  • test-allnpm run test && npm run test:isolated tests/isolated/test-*.ts && npm run test:ui
  • test:coveragenode scripts/test-with-server.js --tags=smoke --coverage
  • test:isolatednode scripts/test-isolated.js
  • test:perfnode scripts/test-with-server.js tests/performance/analytics-perf.ts
  • …and 26 more.
Dependencies20
  • @octokit/rest^22.0.1
  • adm-zip^0.5.16
  • axios^1.7.0
  • chalk4.1.2
  • commander^14.0.2
  • cors^2.8.5
  • dotenv^16.4.7
  • electron^41.2.2
  • express^5.2.1
  • mongodb^7.0.0
  • node-edge-tts^1.2.10
  • nodemailer^8.0.3
  • prompts^2.4.2
  • resend^6.9.3
  • selfsigned^5.5.0
  • semver^7.7.4
  • stripe^20.3.1
  • toml^3.0.0
  • tree-kill^1.2.2
  • xml2js^0.6.2