Package evidence

[email protected]

Js Split Join Obfuscation: Array-of-single-tokens joined to form a string — used to obscure module names like require(["n","o","de",":","cr","yp","to"].join("")), defeating static require() analysis.

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Versions published: 247
First published: Feb 2026
Publisher: diegosouza.pw

Recommended action

Block this update

Static evidence trips multiple high-signal indicators. Quarantine the release until the publisher validates the change or you can rule out the indicators below.

Inspect tarball Add to CI gate

Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["[email protected]"],"fail_on":"high"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["[email protected]"],"fail_on":"high"}'

Publisherdiegosouza.pw

Artifact bytes43,595,889

Previous version3.2.7

Published2026-05-24T21:44:11.434Z

SHA-256a10b8bde18e9740755546d54a7cb7a61b01f55903ad3de1a090c83162325ecd4

Why flagged

What the scanner saw

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

high

20h agoLast checked

highRisk

129Score

3.2.8Version

Status history (6 events)

available → available20h ago · risk high · score 129 · status available -> available, risk high -> high, score 64 -> 129
available → available4d ago · risk high · score 64 · status available -> available, risk high -> high, score 303 -> 64
available → available9d ago · risk high · score 303 · status available -> available, risk high -> high, score 319 -> 303
available → available9d ago · risk high · score 319 · status available -> available, risk high -> high, score 344 -> 319
available → available9d ago · risk high · score 344 · status available -> available, risk high -> high, score 1286 -> 344
new → available10d ago · risk high · score 1286 · status changed

Evidence

Static findings

15 static · 0 from release diff · showing high-signal first.

Severity	Kind	Path	Detail	Points
high	Js Split Join Obfuscation	package/app/open-sse/translator/request/claude-to-openai.ts	Array-of-single-tokens joined to form a string — used to obscure module names like require(["n","o","de",":","cr","yp","to"].join("")), defeating static require() analysis.	40
medium	Remote Payload	package/app/.next/server/chunks/[root-of-the-server]__3556b50d._.js	matched "raw.githubusercontent.com"	12
medium	Remote Payload	package/app/.next/server/chunks/[root-of-the-server]__7d4ca1be._.js	matched "raw.githubusercontent.com"	12
medium	Remote Payload	package/app/.next/server/chunks/[root-of-the-server]__e92f2f9b._.js	matched "raw.githubusercontent.com"	12
medium	Remote Payload	package/app/node_modules/next/dist/lib/mkcert.js	matched "github.com/FiloSottile/mkcert/releases/download"	12
medium	Remote Payload	package/app/.next/server/chunks/src_043440d8._.js	matched "raw.githubusercontent.com"	12
medium	Remote Payload	package/app/.next/server/chunks/src_b1460e01._.js	matched "raw.githubusercontent.com"	12
medium	Remote Payload	package/app/.next/server/chunks/src_lib_localDb_ts_4e493de9._.js	matched "raw.githubusercontent.com"	12
medium	Remote Payload	package/app/.next/server/chunks/ssr/src_lib_localDb_ts_658378c4._.js	matched "raw.githubusercontent.com"	12
medium	Remote Payload	package/app/restart.sh	matched "curl "	12
medium	Remote Payload	package/app/src/lib/pricingSync.ts	matched "raw.githubusercontent.com"	12

Show all 15 findings (low-signal and informational)

Severity	Kind	Path	Detail	Points
high	Js Split Join Obfuscation	package/app/open-sse/translator/request/claude-to-openai.ts	Array-of-single-tokens joined to form a string — used to obscure module names like require(["n","o","de",":","cr","yp","to"].join("")), defeating static require() analysis.	40
medium	Remote Payload	package/app/.next/server/chunks/[root-of-the-server]__3556b50d._.js	matched "raw.githubusercontent.com"	12
medium	Remote Payload	package/app/.next/server/chunks/[root-of-the-server]__7d4ca1be._.js	matched "raw.githubusercontent.com"	12
medium	Remote Payload	package/app/.next/server/chunks/[root-of-the-server]__e92f2f9b._.js	matched "raw.githubusercontent.com"	12
medium	Remote Payload	package/app/node_modules/next/dist/lib/mkcert.js	matched "github.com/FiloSottile/mkcert/releases/download"	12
medium	Remote Payload	package/app/.next/server/chunks/src_043440d8._.js	matched "raw.githubusercontent.com"	12
medium	Remote Payload	package/app/.next/server/chunks/src_b1460e01._.js	matched "raw.githubusercontent.com"	12
medium	Remote Payload	package/app/.next/server/chunks/src_lib_localDb_ts_4e493de9._.js	matched "raw.githubusercontent.com"	12
medium	Remote Payload	package/app/.next/server/chunks/ssr/src_lib_localDb_ts_658378c4._.js	matched "raw.githubusercontent.com"	12
medium	Remote Payload	package/app/restart.sh	matched "curl "	12
medium	Remote Payload	package/app/src/lib/pricingSync.ts	matched "raw.githubusercontent.com"	12
low	Credential file access	package/app/.next/server/chunks/[root-of-the-server]__24ac2145._.js	matched ".aws/"	5
low	Credential file access	package/app/src/app/api/oauth/kiro/auto-import/route.ts	matched ".aws/"	5
low	Install-time lifecycle script	package.json	postinstall="node scripts/postinstall.mjs"	5
low	Obfuscation Density	package/app/package-lock.json	high encoded/escaped-token density	0

Manifest

Package metadata

Scripts36

buildnode scripts/build-next-isolated.mjs
build:clinode scripts/prepublish.mjs
checknpm run lint && npm run test
check:any-budget:t11node scripts/check-t11-any-budget.mjs
check:cyclesnode scripts/check-cycles.mjs
check:docs-syncnode scripts/check-docs-sync.mjs
check:route-validation:t06node scripts/check-route-validation.mjs
coverage:reportc8 report --exclude=tests/** --exclude=**/*.test.* --reporter=text --reporter=text-summary --reporter=html --reporter=json-summary --reporter=lcov
coverage:report:legacyc8 report --exclude=open-sse --reporter=text --reporter=text-summary
devnode scripts/run-next.mjs dev
electron:buildnpm run build && cd electron && npm run build
electron:build:linuxnpm run build && cd electron && npm run build:linux
electron:build:macnpm run build && cd electron && npm run build:mac
electron:build:winnpm run build && cd electron && npm run build:win
electron:devconcurrently "npm run dev" "wait-on http://localhost:20128 && cd electron && npm run dev"
linteslint .
postinstallnode scripts/postinstall.mjs
preparehusky
prepublishOnlynpm run build:cli
startnode scripts/run-next.mjs start
system-infonode scripts/system-info.mjs
testnode --import tsx/esm --test tests/unit/*.test.mjs
test:allnpm run test:unit && npm run test:vitest && npm run test:ecosystem && npm run test:e2e
test:coveragec8 --exclude=tests/** --exclude=**/*.test.* --reporter=text-summary --reporter=html --reporter=json-summary --reporter=lcov --check-coverage --statements 55 --lines 55 --functions 55 --branches 60 node --import tsx/esm --test tests/unit/*.test.mjs
test:coverage:legacyc8 --exclude=open-sse --check-coverage --lines 50 --functions 50 --branches 50 node --import tsx/esm --test tests/unit/*.test.mjs
test:e2enode scripts/run-playwright-tests.mjs test tests/e2e/*.spec.ts
test:ecosystemnode scripts/run-ecosystem-tests.mjs
test:fixesnode --import tsx/esm --test tests/unit/fixes-p1.test.mjs
test:integrationnode --import tsx/esm --test tests/integration/*.test.mjs
test:plan3node --import tsx/esm --test tests/unit/plan3-p0.test.mjs
…and 6 more.

Dependencies33

@lobehub/icons^5.0.1
@modelcontextprotocol/sdk^1.27.1
@monaco-editor/react^4.7.0
@swc/helpers0.5.19
bcryptjs^3.0.3
better-sqlite3^12.6.2
bottleneck^2.19.5
dompurify^3.3.2
express^5.2.1
fetch-socks^1.3.2
http-proxy-middleware^3.0.5
https-proxy-agent^8.0.0
jose^6.1.3
keytar^7.9.0
lowdb^7.0.1
monaco-editor^0.55.1
next^16.0.10
next-intl^4.8.3
node-machine-id^1.1.12
open^11.0.0
ora^9.1.0
pino^10.3.1
pino-pretty^13.1.3
react19.2.4
react-dom19.2.4
recharts^3.7.0
selfsigned^5.5.0
tsx^4.21.0
undici^7.19.2
uuid^13.0.0
…and 3 more.