PkgRadar

Package evidence

[email protected]

Js Fetch Dynamic Exec, Shipped Live Secret, Remote Shell Cradle +5 more

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads
4,525Niche · −30% score
Versions published
407Established · −30% score
First published
Jan 2026
Publisher
dnszlsk

Effective trust discount applied: 30% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Block this update

Static evidence trips multiple high-signal indicators. Quarantine the release until the publisher validates the change or you can rule out the indicators below.

Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["[email protected]"],"fail_on":"high"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["[email protected]"],"fail_on":"high"}'
Publisherdnszlsk
Artifact bytes760,973
Previous version2.11.103
Published2026-06-12T10:52:51.383Z
SHA-25686517866fc98067da52a88ecd4611be2e6ba12dc75192e7bd7c4e1e9de7a011d

Why flagged

What the scanner saw

Js Fetch Dynamic Exec

2 candidate cluster(s) currently reference this release.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

high
Last checked
highRisk
308Score
2.11.104Version
Status history (8 events)
  1. availableavailable · risk high · score 308 · status available -> available, risk high -> high, score 273 -> 308
  2. availableavailable · risk high · score 273 · status available -> available, risk high -> high, score 345 -> 273
  3. availableavailable · risk high · score 345 · status available -> available, risk high -> high, score 175 -> 345
  4. availableavailable · risk high · score 175 · status available -> available, risk high -> high, score 250 -> 175
  5. availableavailable · risk high · score 250 · status available -> available, risk high -> high, score 175 -> 250
  6. availableavailable · risk high · score 175 · status available -> available, risk high -> high, score 250 -> 175
  7. availableavailable · risk high · score 250 · status available -> available, risk high -> high, score 175 -> 250
  8. availableavailable · risk high · score 175 · status available -> available, risk high -> high, score 280 -> 175

Related candidates

Linked campaigns and clusters

Repeated static TTPactive

Js Concat Require Obfuscation

75 members · evidence strength 87
Publisher / release actor burstactive

Publisher burst: dnszlsk

69 members · evidence strength 84
Repeated static TTPcandidate

Js Concat Require Obfuscation

75 members · max score 311
Publisher / release actor burstcandidate

Publisher burst: dnszlsk

69 members · max score 311

Evidence

Static findings

30 static · 0 from release diff · showing high-signal first.

SeverityKindPathDetailPoints
highJs Fetch Dynamic Execmanifest45
highJs Fetch Dynamic Execmanifest45
highShipped Live Secretmanifest45
highJs Fetch Dynamic Execmanifest45
highRemote Shell Cradlemanifest45
highJs Fetch Dynamic Execmanifest45
highWebhook Exfil Endpointmanifest40
highJs Split Join Obfuscationmanifest40
highJs Concat Require Obfuscationmanifest40
highJs Concat Require Obfuscationmanifest40
highWebhook Exfil Endpointmanifest40
highWebhook Exfil Endpointmanifest40
highWebhook Exfil Endpointmanifest40
highWebhook Exfil Endpointmanifest40
highDNS / OAST exfiltrationmanifest30
highDNS / OAST exfiltrationmanifest30
highDNS / OAST exfiltrationmanifest30
highDNS / OAST exfiltrationmanifest30
mediumCredential file accessmanifest10
Show all 30 findings (low-signal and informational)
SeverityKindPathDetailPoints
highJs Fetch Dynamic Execmanifest45
highJs Fetch Dynamic Execmanifest45
highShipped Live Secretmanifest45
highJs Fetch Dynamic Execmanifest45
highRemote Shell Cradlemanifest45
highJs Fetch Dynamic Execmanifest45
highWebhook Exfil Endpointmanifest40
highJs Split Join Obfuscationmanifest40
highJs Concat Require Obfuscationmanifest40
highJs Concat Require Obfuscationmanifest40
highWebhook Exfil Endpointmanifest40
highWebhook Exfil Endpointmanifest40
highWebhook Exfil Endpointmanifest40
highWebhook Exfil Endpointmanifest40
highDNS / OAST exfiltrationmanifest30
highDNS / OAST exfiltrationmanifest30
highDNS / OAST exfiltrationmanifest30
highDNS / OAST exfiltrationmanifest30
mediumCredential file accessmanifest10
lowCredential file accessmanifest5
lowCredential file accessmanifest5
lowCredential file accessmanifest5
lowCredential file accessmanifest5
lowCredential file accessmanifest5
lowCredential file accessmanifest5
lowCredential file accessmanifest5
lowCredential file accessmanifest5
lowCredential file accessmanifest5
lowCredential file accessmanifest5
lowCredential file accessmanifest5

Manifest

Package metadata

Dependencies6
  • @inquirer/prompts8.5.2
  • acorn8.16.0
  • acorn-walk8.3.5
  • adm-zip0.5.17
  • js-yaml4.2.0
  • web-tree-sitter^0.26.9