PkgRadar

Package evidence

[email protected]

Js Fetch Dynamic Exec, Shipped Live Secret, Remote Shell Cradle +5 more

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads
4,525Niche · −30% score
Versions published
407Established · −30% score
First published
Jan 2026
Publisher
dnszlsk

Effective trust discount applied: 30% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Block this update

Static evidence trips multiple high-signal indicators. Quarantine the release until the publisher validates the change or you can rule out the indicators below.

Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["[email protected]"],"fail_on":"high"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["[email protected]"],"fail_on":"high"}'
Publisherdnszlsk
Artifact bytes779,011
Previous version2.11.109
Published2026-06-12T17:33:56.303Z
SHA-25656944f283dd2ec69d94e349150f046a330c8237407be85acdc75acd9ee80ee6c

Why flagged

What the scanner saw

Js Fetch Dynamic Exec

2 candidate cluster(s) currently reference this release.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

high
Last checked
highRisk
308Score
2.11.110Version
Status history (4 events)
  1. availableavailable · risk high · score 308 · status available -> available, risk high -> high, score 273 -> 308
  2. availableavailable · risk high · score 273 · status available -> available, risk high -> high, score 175 -> 273
  3. availableavailable · risk high · score 175 · status available -> available, risk high -> high, score 280 -> 175
  4. newavailable · risk high · score 280 · status changed

Related candidates

Linked campaigns and clusters

Repeated static TTPactive

Js Concat Require Obfuscation

75 members · evidence strength 87
Publisher / release actor burstactive

Publisher burst: dnszlsk

69 members · evidence strength 84
Repeated static TTPcandidate

Js Concat Require Obfuscation

75 members · max score 311
Publisher / release actor burstcandidate

Publisher burst: dnszlsk

69 members · max score 311

Evidence

Static findings

30 static · 0 from release diff · showing high-signal first.

SeverityKindPathDetailPoints
highJs Fetch Dynamic Execmanifest45
highJs Fetch Dynamic Execmanifest45
highShipped Live Secretmanifest45
highJs Fetch Dynamic Execmanifest45
highRemote Shell Cradlemanifest45
highJs Fetch Dynamic Execmanifest45
highWebhook Exfil Endpointmanifest40
highJs Split Join Obfuscationmanifest40
highJs Concat Require Obfuscationmanifest40
highJs Concat Require Obfuscationmanifest40
highWebhook Exfil Endpointmanifest40
highWebhook Exfil Endpointmanifest40
highWebhook Exfil Endpointmanifest40
highWebhook Exfil Endpointmanifest40
highDNS / OAST exfiltrationmanifest30
highDNS / OAST exfiltrationmanifest30
highDNS / OAST exfiltrationmanifest30
highDNS / OAST exfiltrationmanifest30
mediumCredential file accessmanifest10
Show all 30 findings (low-signal and informational)
SeverityKindPathDetailPoints
highJs Fetch Dynamic Execmanifest45
highJs Fetch Dynamic Execmanifest45
highShipped Live Secretmanifest45
highJs Fetch Dynamic Execmanifest45
highRemote Shell Cradlemanifest45
highJs Fetch Dynamic Execmanifest45
highWebhook Exfil Endpointmanifest40
highJs Split Join Obfuscationmanifest40
highJs Concat Require Obfuscationmanifest40
highJs Concat Require Obfuscationmanifest40
highWebhook Exfil Endpointmanifest40
highWebhook Exfil Endpointmanifest40
highWebhook Exfil Endpointmanifest40
highWebhook Exfil Endpointmanifest40
highDNS / OAST exfiltrationmanifest30
highDNS / OAST exfiltrationmanifest30
highDNS / OAST exfiltrationmanifest30
highDNS / OAST exfiltrationmanifest30
mediumCredential file accessmanifest10
lowCredential file accessmanifest5
lowCredential file accessmanifest5
lowCredential file accessmanifest5
lowCredential file accessmanifest5
lowCredential file accessmanifest5
lowCredential file accessmanifest5
lowCredential file accessmanifest5
lowCredential file accessmanifest5
lowCredential file accessmanifest5
lowCredential file accessmanifest5
lowCredential file accessmanifest5

Manifest

Package metadata

Dependencies6
  • @inquirer/prompts8.5.2
  • acorn8.16.0
  • acorn-walk8.3.5
  • adm-zip0.5.17
  • js-yaml4.2.0
  • web-tree-sitter^0.26.9