Package evidence

[email protected]

Obfuscation Density: high encoded/escaped-token density

Recommended action

Block this update

Static evidence trips multiple high-signal indicators. Quarantine the release until the publisher validates the change or you can rule out the indicators below.

Inspect tarball Add to CI gate

Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["[email protected]"],"fail_on":"high"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["[email protected]"],"fail_on":"high"}'

Publisherremsy

Artifact bytes3,274,605

Previous version3.8.4

Published2026-05-24T12:51:42.250Z

SHA-25671f40d1bdc86352cb1ef1d69d2ba0b9dc4269940113bda7fdf84114e72a471ea

Why flagged

What the scanner saw

Obfuscation Density: high encoded/escaped-token density

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

high

24d agoLast checked

highRisk

75Score

3.8.5Version

Status history (1 event)

new → available24d ago · risk high · score 75 · status changed

Related candidates

Linked campaigns and clusters

Publisher / release actor burststale

remsy

2 members · evidence strength 59

Evidence

Static findings

19 static · 0 from release diff · showing high-signal first.

Severity	Kind	Path	Detail	Points
medium	Obfuscation Density	package/dist/assets/chunk-727SXJPM-D_UtOHAV.js	high encoded/escaped-token density	12
medium	Obfuscation Density	package/dist/assets/flowDiagram-I6XJVG4X-i9Nk-RoE.js	high encoded/escaped-token density	12

Show all 19 findings (low-signal and informational)

Severity	Kind	Path	Detail	Points
medium	Obfuscation Density	package/dist/assets/chunk-727SXJPM-D_UtOHAV.js	high encoded/escaped-token density	12
medium	Obfuscation Density	package/dist/assets/flowDiagram-I6XJVG4X-i9Nk-RoE.js	high encoded/escaped-token density	12
low	Obfuscation	package/dist/assets/blockDiagram-GPEHLZMM-BaaYuLLX.js	matched "\\u000D"	3
low	Obfuscation	package/dist/assets/c4Diagram-AAUBKEIU-DJPHJtds.js	matched "eVal("	3
low	Obfuscation	package/dist/assets/ChartRenderer-CsSmOeUS.js	matched "\\u2028"	3
low	Obfuscation	package/dist/assets/chunk-727SXJPM-D_UtOHAV.js	matched "\\u00AA"	3
low	Obfuscation	package/dist/assets/cytoscape.esm-BHYC38rz.js	matched "\\u200b"	3
low	Obfuscation	package/dist/assets/docx-preview-1HZ2cBLf.js	matched "fromCharCode"	3
low	Obfuscation	package/dist/assets/erDiagram-TEJ5UH35-DoFjAiB-.js	matched "\\u00C0"	3
low	Obfuscation	package/dist/assets/flowDiagram-I6XJVG4X-i9Nk-RoE.js	matched "\\u00AA"	3
low	Obfuscation	package/dist/assets/index-COrH62pB.js	matched "\\x03"	3
low	Obfuscation	package/dist/assets/index-mJaxTisw.js	matched "fromCharCode"	3
low	Obfuscation	package/dist/assets/journeyDiagram-JHISSGLW-fn_Wigeb.js	matched "eVal("	3
low	Obfuscation	package/dist/assets/MermaidRenderer-DL5m_Hhz.js	matched "\\x1B"	3
low	Obfuscation	package/dist/assets/purify.es-DxCUJf2h.js	matched "\\u00B7"	3
low	Obfuscation	package/dist/assets/quadrantDiagram-W4KKPZXB-T2BQZBW5.js	matched "\\x00"	3
low	Obfuscation	package/dist/assets/sankeyDiagram-5OEKKPKP-1f5jZgij.js	matched "\\u000D"	3
low	Obfuscation	package/dist/assets/sequenceDiagram-3UESZ5HK-B8LfPZVJ.js	matched "eVal("	3
low	Obfuscation	package/dist/assets/wardley-L42UT6IY-DSnXDyTD.js	matched "\\u2028"	3

Manifest

Package metadata

Scripts7

buildtsc && vite build
devvite
lintnpm run lint:app
lint:appeslint . --report-unused-disable-directives --max-warnings 0
prepublishOnlynpm run build
previewvite preview
testnode --test 'tests/**/*.test.js'

Dependencies25

@auth0/auth0-react^2.15.0
abcjs^6.5.2
ajv^8.17.1
docx-preview^0.3.7
dompurify^3.0.8
express^5.0.1
express-rate-limit^8.2.1
http-proxy-middleware^3.0.5
js-yaml^4.1.1
katex^0.16.27
lucide-react^0.469.0
mermaid^11.12.2
path^0.12.7
react^19.0.0
react-dom^19.0.0
react-markdown^10.1.0
react-syntax-highlighter^15.5.0
read-excel-file^9.0.10
recharts^3.8.1
rehype-katex^7.0.1
remark-gfm^4.0.1
remark-math^6.0.0
unified^11.0.5
vite-plugin-dts^4.5.4
zustand^5.0.5