PkgRadar

Package evidence

[email protected]

Js Fetch Dynamic Exec, Shipped Live Secret, Remote Shell Cradle +5 more

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads
4,525Niche · −30% score
Versions published
407Established · −30% score
First published
Jan 2026
Publisher
dnszlsk

Effective trust discount applied: 30% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Block this update

Static evidence trips multiple high-signal indicators. Quarantine the release until the publisher validates the change or you can rule out the indicators below.

Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["[email protected]"],"fail_on":"high"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["[email protected]"],"fail_on":"high"}'
Publisherdnszlsk
Artifact bytes783,414
Previous version2.11.111
Published2026-06-13T13:45:25.545Z
SHA-256a02be44b39104f8ed761c4c274cb313f12f06c13ee6595367b07576f43258215

Why flagged

What the scanner saw

Js Fetch Dynamic Exec

1 candidate cluster(s) currently reference this release.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

high
Last checked
highRisk
308Score
2.11.112Version
Status history (6 events)
  1. availableavailable · risk high · score 308 · status available -> available, risk high -> high, score 273 -> 308
  2. availableavailable · risk high · score 273 · status available -> available, risk high -> high, score 241 -> 273
  3. availableavailable · risk high · score 241 · status available -> available, risk high -> high, score 175 -> 241
  4. availableavailable · risk high · score 175 · status available -> available, risk high -> high, score 250 -> 175
  5. availableavailable · risk high · score 250 · status available -> available, risk high -> high, score 196 -> 250
  6. newavailable · risk high · score 196 · status changed

Related candidates

Linked campaigns and clusters

Repeated static TTPactive

Js Concat Require Obfuscation

75 members · evidence strength 87
Repeated static TTPcandidate

Js Concat Require Obfuscation

75 members · max score 311

Evidence

Static findings

31 static · 0 from release diff · showing high-signal first.

SeverityKindPathDetailPoints
highJs Fetch Dynamic Execmanifest45
highJs Fetch Dynamic Execmanifest45
highShipped Live Secretmanifest45
highJs Fetch Dynamic Execmanifest45
highRemote Shell Cradlemanifest45
highJs Fetch Dynamic Execmanifest45
highWebhook Exfil Endpointmanifest40
highJs Split Join Obfuscationmanifest40
highJs Concat Require Obfuscationmanifest40
highJs Concat Require Obfuscationmanifest40
highWebhook Exfil Endpointmanifest40
highWebhook Exfil Endpointmanifest40
highWebhook Exfil Endpointmanifest40
highWebhook Exfil Endpointmanifest40
highDNS / OAST exfiltrationmanifest30
highDNS / OAST exfiltrationmanifest30
highDNS / OAST exfiltrationmanifest30
highDNS / OAST exfiltrationmanifest30
mediumCredential file accessmanifest10
mediumCredential file accessmanifest10
Show all 31 findings (low-signal and informational)
SeverityKindPathDetailPoints
highJs Fetch Dynamic Execmanifest45
highJs Fetch Dynamic Execmanifest45
highShipped Live Secretmanifest45
highJs Fetch Dynamic Execmanifest45
highRemote Shell Cradlemanifest45
highJs Fetch Dynamic Execmanifest45
highWebhook Exfil Endpointmanifest40
highJs Split Join Obfuscationmanifest40
highJs Concat Require Obfuscationmanifest40
highJs Concat Require Obfuscationmanifest40
highWebhook Exfil Endpointmanifest40
highWebhook Exfil Endpointmanifest40
highWebhook Exfil Endpointmanifest40
highWebhook Exfil Endpointmanifest40
highDNS / OAST exfiltrationmanifest30
highDNS / OAST exfiltrationmanifest30
highDNS / OAST exfiltrationmanifest30
highDNS / OAST exfiltrationmanifest30
mediumCredential file accessmanifest10
mediumCredential file accessmanifest10
lowCredential file accessmanifest5
lowCredential file accessmanifest5
lowCredential file accessmanifest5
lowCredential file accessmanifest5
lowCredential file accessmanifest5
lowCredential file accessmanifest5
lowCredential file accessmanifest5
lowCredential file accessmanifest5
lowCredential file accessmanifest5
lowCredential file accessmanifest5
lowCredential file accessmanifest5

Manifest

Package metadata

Dependencies6
  • @inquirer/prompts8.5.2
  • acorn8.16.0
  • acorn-walk8.3.5
  • adm-zip0.5.17
  • js-yaml4.2.0
  • web-tree-sitter^0.26.9