Package evidence
[email protected]
Known Indicator Filename: package/.next/standalone/node_modules/next/dist/compiled/babel/bundle.js
Recommended action
Block this updateStatic evidence trips multiple high-signal indicators. Quarantine the release until the publisher validates the change or you can rule out the indicators below.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["[email protected]"],"fail_on":"high"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["[email protected]"],"fail_on":"high"}'Why flagged
What the scanner saw
Known Indicator Filename: package/.next/standalone/node_modules/next/dist/compiled/babel/bundle.js
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk high · score 1196 · status changed
Related candidates
Linked campaigns and clusters
dadenjo
4 members · evidence strength 84Evidence
Static findings
278 static · 0 from release diff · showing high-signal first.
Showing 30 of 37 findings.
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| high | Known Indicator Filename | package/.next/standalone/node_modules/next/dist/compiled/babel/bundle.js | package/.next/standalone/node_modules/next/dist/compiled/babel/bundle.js | 45 |
| medium | Obfuscation Density | package/.next/standalone/.next/static/chunks/5516-547540ac9cc69fa6.js | high encoded/escaped-token density | 12 |
| medium | Obfuscation Density | package/.next/standalone/.next/static/static/chunks/5516-547540ac9cc69fa6.js | high encoded/escaped-token density | 12 |
| medium | Obfuscation Density | package/.next/static/chunks/5516-547540ac9cc69fa6.js | high encoded/escaped-token density | 12 |
| medium | Obfuscation Density | package/.next/standalone/.next/server/chunks/7733.js | high encoded/escaped-token density | 12 |
| medium | Obfuscation Density | package/.next/standalone/.next/server/chunks/7934.js | high encoded/escaped-token density | 12 |
| medium | Obfuscation Density | package/.next/standalone/node_modules/next/dist/compiled/next-server/app-page-experimental.runtime.prod.js | high encoded/escaped-token density | 12 |
| medium | Obfuscation Density | package/.next/standalone/node_modules/next/dist/compiled/next-server/app-page-turbo-experimental.runtime.prod.js | high encoded/escaped-token density | 12 |
| medium | Obfuscation Density | package/.next/standalone/node_modules/next/dist/compiled/next-server/app-page-turbo.runtime.prod.js | high encoded/escaped-token density | 12 |
| medium | Obfuscation Density | package/.next/standalone/node_modules/next/dist/compiled/next-server/app-page.runtime.prod.js | high encoded/escaped-token density | 12 |
| medium | Remote Payload | package/.next/standalone/node_modules/next/dist/client/components/segment-cache/cache.js | matched "cUrl " | 12 |
| medium | Obfuscation Density | package/.next/standalone/node_modules/next/dist/compiled/@vercel/nft/index.js | high encoded/escaped-token density | 12 |
| medium | Obfuscation Density | package/.next/standalone/node_modules/next/dist/compiled/comment-json/index.js | high encoded/escaped-token density | 12 |
| medium | Remote Payload | package/.next/standalone/node_modules/next/dist/compiled/conf/index.js | matched "raw.githubusercontent.com" | 12 |
| medium | Obfuscation Density | package/.next/standalone/node_modules/next/dist/compiled/conf/index.js | high encoded/escaped-token density | 12 |
| medium | Obfuscation Density | package/.next/standalone/node_modules/next/dist/compiled/json5/index.js | high encoded/escaped-token density | 12 |
| medium | Obfuscation Density | package/.next/standalone/node_modules/next/dist/compiled/jsonwebtoken/index.js | high encoded/escaped-token density | 12 |
| medium | Remote Payload | package/.next/standalone/node_modules/next/dist/compiled/schema-utils3/index.js | matched "raw.githubusercontent.com" | 12 |
| medium | Obfuscation Density | package/.next/standalone/node_modules/next/dist/compiled/schema-utils3/index.js | high encoded/escaped-token density | 12 |
| medium | Obfuscation Density | package/.next/standalone/node_modules/next/dist/compiled/@vercel/og/index.node.js | high encoded/escaped-token density | 12 |
| medium | Remote Payload | package/.next/standalone/node_modules/next/dist/next-devtools/server/launch-editor.js | matched "curl " | 12 |
| medium | Obfuscation Density | package/.next/standalone/node_modules/next/dist/next-devtools/server/launch-editor.js | high encoded/escaped-token density | 12 |
| medium | Remote Payload | package/.next/standalone/node_modules/next/dist/compiled/@edge-runtime/primitives/load.js | matched "cURL " | 12 |
| medium | Remote Payload | package/.next/standalone/node_modules/next/dist/compiled/@modelcontextprotocol/sdk/server/mcp.js | matched "raw.githubusercontent.com" | 12 |
| medium | Obfuscation Density | package/.next/standalone/node_modules/next/dist/compiled/@modelcontextprotocol/sdk/server/mcp.js | high encoded/escaped-token density | 12 |
| medium | Obfuscation Density | package/.next/standalone/.next/static/chunks/app/blue/explorer/page-6cfa85782436c0ba.js | high encoded/escaped-token density | 12 |
| medium | Obfuscation Density | package/.next/standalone/.next/static/static/chunks/app/blue/explorer/page-6cfa85782436c0ba.js | high encoded/escaped-token density | 12 |
| medium | Obfuscation Density | package/.next/static/chunks/app/blue/explorer/page-6cfa85782436c0ba.js | high encoded/escaped-token density | 12 |
| medium | Obfuscation Density | package/.next/standalone/.next/server/app/blue/explorer/page.js | high encoded/escaped-token density | 12 |
| medium | Obfuscation Density | package/.next/standalone/node_modules/react-dom/cjs/react-dom-server-legacy.browser.production.js | high encoded/escaped-token density | 12 |
Show all 278 findings (low-signal and informational)
Showing 60 of 278 findings.
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| high | Known Indicator Filename | package/.next/standalone/node_modules/next/dist/compiled/babel/bundle.js | package/.next/standalone/node_modules/next/dist/compiled/babel/bundle.js | 45 |
| medium | Obfuscation Density | package/.next/standalone/.next/static/chunks/5516-547540ac9cc69fa6.js | high encoded/escaped-token density | 12 |
| medium | Obfuscation Density | package/.next/standalone/.next/static/static/chunks/5516-547540ac9cc69fa6.js | high encoded/escaped-token density | 12 |
| medium | Obfuscation Density | package/.next/static/chunks/5516-547540ac9cc69fa6.js | high encoded/escaped-token density | 12 |
| medium | Obfuscation Density | package/.next/standalone/.next/server/chunks/7733.js | high encoded/escaped-token density | 12 |
| medium | Obfuscation Density | package/.next/standalone/.next/server/chunks/7934.js | high encoded/escaped-token density | 12 |
| medium | Obfuscation Density | package/.next/standalone/node_modules/next/dist/compiled/next-server/app-page-experimental.runtime.prod.js | high encoded/escaped-token density | 12 |
| medium | Obfuscation Density | package/.next/standalone/node_modules/next/dist/compiled/next-server/app-page-turbo-experimental.runtime.prod.js | high encoded/escaped-token density | 12 |
| medium | Obfuscation Density | package/.next/standalone/node_modules/next/dist/compiled/next-server/app-page-turbo.runtime.prod.js | high encoded/escaped-token density | 12 |
| medium | Obfuscation Density | package/.next/standalone/node_modules/next/dist/compiled/next-server/app-page.runtime.prod.js | high encoded/escaped-token density | 12 |
| medium | Remote Payload | package/.next/standalone/node_modules/next/dist/client/components/segment-cache/cache.js | matched "cUrl " | 12 |
| medium | Obfuscation Density | package/.next/standalone/node_modules/next/dist/compiled/@vercel/nft/index.js | high encoded/escaped-token density | 12 |
| medium | Obfuscation Density | package/.next/standalone/node_modules/next/dist/compiled/comment-json/index.js | high encoded/escaped-token density | 12 |
| medium | Remote Payload | package/.next/standalone/node_modules/next/dist/compiled/conf/index.js | matched "raw.githubusercontent.com" | 12 |
| medium | Obfuscation Density | package/.next/standalone/node_modules/next/dist/compiled/conf/index.js | high encoded/escaped-token density | 12 |
| medium | Obfuscation Density | package/.next/standalone/node_modules/next/dist/compiled/json5/index.js | high encoded/escaped-token density | 12 |
| medium | Obfuscation Density | package/.next/standalone/node_modules/next/dist/compiled/jsonwebtoken/index.js | high encoded/escaped-token density | 12 |
| medium | Remote Payload | package/.next/standalone/node_modules/next/dist/compiled/schema-utils3/index.js | matched "raw.githubusercontent.com" | 12 |
| medium | Obfuscation Density | package/.next/standalone/node_modules/next/dist/compiled/schema-utils3/index.js | high encoded/escaped-token density | 12 |
| medium | Obfuscation Density | package/.next/standalone/node_modules/next/dist/compiled/@vercel/og/index.node.js | high encoded/escaped-token density | 12 |
| medium | Remote Payload | package/.next/standalone/node_modules/next/dist/next-devtools/server/launch-editor.js | matched "curl " | 12 |
| medium | Obfuscation Density | package/.next/standalone/node_modules/next/dist/next-devtools/server/launch-editor.js | high encoded/escaped-token density | 12 |
| medium | Remote Payload | package/.next/standalone/node_modules/next/dist/compiled/@edge-runtime/primitives/load.js | matched "cURL " | 12 |
| medium | Remote Payload | package/.next/standalone/node_modules/next/dist/compiled/@modelcontextprotocol/sdk/server/mcp.js | matched "raw.githubusercontent.com" | 12 |
| medium | Obfuscation Density | package/.next/standalone/node_modules/next/dist/compiled/@modelcontextprotocol/sdk/server/mcp.js | high encoded/escaped-token density | 12 |
| medium | Obfuscation Density | package/.next/standalone/.next/static/chunks/app/blue/explorer/page-6cfa85782436c0ba.js | high encoded/escaped-token density | 12 |
| medium | Obfuscation Density | package/.next/standalone/.next/static/static/chunks/app/blue/explorer/page-6cfa85782436c0ba.js | high encoded/escaped-token density | 12 |
| medium | Obfuscation Density | package/.next/static/chunks/app/blue/explorer/page-6cfa85782436c0ba.js | high encoded/escaped-token density | 12 |
| medium | Obfuscation Density | package/.next/standalone/.next/server/app/blue/explorer/page.js | high encoded/escaped-token density | 12 |
| medium | Obfuscation Density | package/.next/standalone/node_modules/react-dom/cjs/react-dom-server-legacy.browser.production.js | high encoded/escaped-token density | 12 |
| medium | Obfuscation Density | package/.next/standalone/node_modules/react-dom/cjs/react-dom-server-legacy.node.production.js | high encoded/escaped-token density | 12 |
| medium | Obfuscation Density | package/.next/standalone/node_modules/react-dom/cjs/react-dom-server.browser.production.js | high encoded/escaped-token density | 12 |
| medium | Obfuscation Density | package/.next/standalone/node_modules/react-dom/cjs/react-dom-server.edge.production.js | high encoded/escaped-token density | 12 |
| medium | Obfuscation Density | package/.next/standalone/node_modules/react-dom/cjs/react-dom-server.node.production.js | high encoded/escaped-token density | 12 |
| medium | Obfuscation Density | package/.next/standalone/node_modules/ts-morph/dist/ts-morph.js | high encoded/escaped-token density | 12 |
| medium | Large Javascript Payload | package/.next/standalone/node_modules/@ts-morph/common/dist/ts-morph-common.js | 3016503 bytes | 10 |
| medium | Large Javascript Payload | package/.next/standalone/node_modules/@ts-morph/common/dist/typescript.js | 9143384 bytes | 10 |
| low | Obfuscation | package/.next/standalone/node_modules/next/dist/compiled/postcss-preset-env/index.cjs | matched "\\x20" | 3 |
| low | Obfuscation | package/.next/standalone/node_modules/next/dist/compiled/zod/index.cjs | matched "atob(" | 3 |
| low | Obfuscation | package/.next/standalone/.next/server/chunks/1947.js | matched "\\uD83D" | 3 |
| low | Obfuscation | package/.next/standalone/.next/static/chunks/2454-67de56e25fc9b2ca.js | matched "fromCharCode" | 3 |
| low | Obfuscation | package/.next/standalone/.next/static/static/chunks/2454-67de56e25fc9b2ca.js | matched "fromCharCode" | 3 |
| low | Obfuscation | package/.next/static/chunks/2454-67de56e25fc9b2ca.js | matched "fromCharCode" | 3 |
| low | Obfuscation | package/.next/standalone/.next/server/chunks/2749.js | matched "\\xa0" | 3 |
| low | Obfuscation | package/.next/standalone/.next/server/chunks/2816.js | matched "fromCharCode" | 3 |
| low | Obfuscation | package/.next/standalone/.next/server/chunks/2908.js | matched "atob(" | 3 |
| low | Obfuscation | package/.next/standalone/.next/server/chunks/319.js | matched "fromCharCode" | 3 |
| low | Obfuscation | package/.next/standalone/.next/server/chunks/3765.js | matched "\\u2192" | 3 |
| low | Obfuscation | package/.next/standalone/.next/static/chunks/3794-ba2500baa4c52d55.js | matched "\\u0000" | 3 |
| low | Obfuscation | package/.next/standalone/.next/static/static/chunks/3794-ba2500baa4c52d55.js | matched "\\u0000" | 3 |
| low | Obfuscation | package/.next/static/chunks/3794-ba2500baa4c52d55.js | matched "\\u0000" | 3 |
| low | Obfuscation | package/.next/standalone/.next/server/chunks/39.js | matched "fromCharCode" | 3 |
| low | Obfuscation | package/.next/standalone/.next/static/chunks/4014-1bdaa4a4aa755acc.js | matched "\\uD83D" | 3 |
| low | Obfuscation | package/.next/standalone/.next/static/static/chunks/4014-1bdaa4a4aa755acc.js | matched "\\uD83D" | 3 |
| low | Obfuscation | package/.next/static/chunks/4014-1bdaa4a4aa755acc.js | matched "\\uD83D" | 3 |
| low | Obfuscation | package/.next/standalone/.next/server/chunks/4741.js | matched "Buffer.from(a.body,\"base64" | 3 |
| low | Obfuscation | package/.next/standalone/.next/static/chunks/4bd1b696-e356ca5ba0218e27.js | matched "\\u00C0" | 3 |
| low | Obfuscation | package/.next/standalone/.next/static/static/chunks/4bd1b696-e356ca5ba0218e27.js | matched "\\u00C0" | 3 |
| low | Obfuscation | package/.next/static/chunks/4bd1b696-e356ca5ba0218e27.js | matched "\\u00C0" | 3 |
| low | Obfuscation | package/.next/standalone/.next/static/chunks/5516-547540ac9cc69fa6.js | matched "\\xb7" | 3 |
Manifest
Package metadata
Scripts10
buildnext build --webpack && npm run postbuilddevnext dev -p 3001linteslintpostbuildcp -r .next/static .next/standalone/.next/static && cp -r public .next/standalone/public && node scripts/patch-standalone.jsprebuildnode scripts/scrub-build-secrets.jsprepacknode scripts/scan-tarball-for-secrets.jsprepublishOnlynpm run build && npm testrelease-gatebash scripts/ci-release-gate.shstartnext start -p 3001testtsx --test lib/prism/monorepo/__tests__/detect.test.ts lib/prism/license/__tests__/license.test.ts lib/prism/license/__tests__/lemonsqueezy.test.ts lib/prism/lemonsqueezy/__tests__/tierMapping.test.ts lib/prism/lemonsqueezy/__tests__/client.test.ts lib/prism/blue/__tests__/detectSourceRoot.test.ts lib/prism/blue/__tests__/resolveScanGlobs.test.ts lib/prism/blue/__tests__/classifyBlueprint.test.ts lib/prism/blue/explorer/__tests__/kpiConfig.test.ts lib/prism/blue/explorer/__tests__/filterUtils.test.ts lib/prism/blue/explorer/__tests__/formGroupUtils.test.ts lib/prism/blue/explorer/__tests__/cockpitDeepLink.test.ts lib/prism/blue/__tests__/historyStore.test.ts lib/prism/blue/__tests__/standardsStore.test.ts lib/prism/blue/__tests__/forgeSnapshot.test.ts lib/prism/blue/fitness/__tests__/evaluator.test.ts lib/prism/amber/__tests__/engine.test.ts lib/prism/amber/__tests__/llmProvider.test.ts lib/prism/green/__tests__/engine.test.ts lib/prism/green/__tests__/queriesRoute.test.ts lib/prism/green/__tests__/insightsRoute.test.ts
Dependencies12
@anthropic-ai/sdk^0.97.1@tailwindcss/typography^0.5.19@types/dagre^0.7.54@xyflow/react^12.10.2dagre^0.8.5next16.2.6prismlens^0.25.0react19.2.4react-dom19.2.4react-markdown^10.1.0remark-gfm^4.0.1ts-morph^28.0.0
Optional dependencies1
keytar^7.9.0