Package evidence

[email protected]

Remote Payload: matched "Invoke-WebRequest"

Recommended action

Block this update

Static evidence trips multiple high-signal indicators. Quarantine the release until the publisher validates the change or you can rule out the indicators below.

Inspect tarball Add to CI gate

Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["[email protected]"],"fail_on":"high"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["[email protected]"],"fail_on":"high"}'

Publishertocconpm

Artifact bytes4,644,571

Previous version3.16.13

Published2026-05-25T02:53:07.866Z

SHA-2563f59382d53a1dad23d81caa82c13a9ab21bd51f72aa59bfdb7a9f2c2da61b9c8

Why flagged

What the scanner saw

Remote Payload: matched "Invoke-WebRequest"

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

high

10d agoLast checked

highRisk

372Score

3.16.14Version

Status history (1 event)

new → available10d ago · risk high · score 372 · status changed

Evidence

Static findings

100 static · 0 from release diff · showing high-signal first.

Severity	Kind	Path	Detail	Points
medium	Remote Payload	package/dist/chunk-2456.29756bfca4b18c959ca6.js	matched "Invoke-WebRequest"	12
medium	Obfuscation Density	package/dist/chunk-2981.98c2ee360caaa7c33765.js	high encoded/escaped-token density	12
medium	Obfuscation Density	package/dist/chunk-6335.470d01b24ae4bf68035b.js	high encoded/escaped-token density	12
medium	Remote Payload	package/dist/chunk-7802.518ecb2a2b0c0a4f2d75.js	matched "cURL "	12
medium	Remote Payload	package/dist/chunk-8077.1ddd76f2c7f821c3e4e1.js	matched "cURL "	12
medium	Obfuscation Density	package/dist/ckeditor4/plugins/codemirror/js/beautify.min.js	high encoded/escaped-token density	12
medium	Obfuscation Density	package/dist/ckeditor4/plugins/codemirror/js/codemirror.min.js	high encoded/escaped-token density	12
medium	Remote Payload	package/dist/ckeditor4/plugins/placeholder/lang/cy.js	matched "iwr "	12

Show all 100 findings (low-signal and informational)

Showing 60 of 100 findings.

Severity	Kind	Path	Detail	Points
medium	Remote Payload	package/dist/chunk-2456.29756bfca4b18c959ca6.js	matched "Invoke-WebRequest"	12
medium	Obfuscation Density	package/dist/chunk-2981.98c2ee360caaa7c33765.js	high encoded/escaped-token density	12
medium	Obfuscation Density	package/dist/chunk-6335.470d01b24ae4bf68035b.js	high encoded/escaped-token density	12
medium	Remote Payload	package/dist/chunk-7802.518ecb2a2b0c0a4f2d75.js	matched "cURL "	12
medium	Remote Payload	package/dist/chunk-8077.1ddd76f2c7f821c3e4e1.js	matched "cURL "	12
medium	Obfuscation Density	package/dist/ckeditor4/plugins/codemirror/js/beautify.min.js	high encoded/escaped-token density	12
medium	Obfuscation Density	package/dist/ckeditor4/plugins/codemirror/js/codemirror.min.js	high encoded/escaped-token density	12
medium	Remote Payload	package/dist/ckeditor4/plugins/placeholder/lang/cy.js	matched "iwr "	12
low	Obfuscation	package/dist/chunk-1057.c291f0104af5ce85a083.js	matched "\\x3e"	3
low	Obfuscation	package/dist/chunk-1170.01085552cbe0f87eaff3.js	matched "\\x3e"	3
low	Obfuscation	package/dist/chunk-1211.5bc45aa5ab8617293d62.js	matched "\\u2053"	3
low	Obfuscation	package/dist/chunk-1239.9a161e6a1e146d2ab202.js	matched "\\x7f"	3
low	Obfuscation	package/dist/chunk-1255.7c08b883fb543a25bb00.js	matched "\\x3e"	3
low	Obfuscation	package/dist/chunk-1281.6f8230ee148d22acd9ba.js	matched "\\x3e"	3
low	Obfuscation	package/dist/chunk-1742.b594006e421e8ed9b2d7.js	matched "\\u00a0"	3
low	Obfuscation	package/dist/chunk-1843.02797db5e75e83fd36e8.js	matched "\\x3e"	3
low	Obfuscation	package/dist/chunk-2030.4951dcd227d3704a4fcc.js	matched "\\x3e"	3
low	Obfuscation	package/dist/chunk-2451.61a6b346a79369985f59.js	matched "\\u00A2"	3
low	Obfuscation	package/dist/chunk-2575.1636f1388039b52492ef.js	matched "fromCharCode"	3
low	Obfuscation	package/dist/chunk-2682.053b8bf88db3ed64b4e6.js	matched "\\x3e"	3
low	Obfuscation	package/dist/chunk-2797.0e68a5098b4cedc22010.js	matched "\\x3e"	3
low	Obfuscation	package/dist/chunk-2887.14fdf774879806120ce1.js	matched "\\ud800"	3
low	Obfuscation	package/dist/chunk-2981.98c2ee360caaa7c33765.js	matched "\\xAA"	3
low	Obfuscation	package/dist/chunk-3124.bea696995a228c31db0b.js	matched "\\xAA"	3
low	Obfuscation	package/dist/chunk-3136.24899c8e6aa4bbc9d161.js	matched "fromCharCode"	3
low	Obfuscation	package/dist/chunk-3204.3485aea122d318f3bf45.js	matched "\\xff"	3
low	Obfuscation	package/dist/chunk-3330.dba7fcfa2f18dc40b83a.js	matched "\\u0080"	3
low	Obfuscation	package/dist/chunk-3489.466edac576604c59e848.js	matched "\\x3e"	3
low	Obfuscation	package/dist/chunk-3537.8f26ceec3e5f5c219598.js	matched "\\x3e"	3
low	Obfuscation	package/dist/chunk-3780.42ce8a35ca66ad4964b4.js	matched "\\u00a1"	3
low	Obfuscation	package/dist/chunk-3951.133acada0530da82b548.js	matched "\\x3e"	3
low	Obfuscation	package/dist/chunk-4108.23962eaf66f84fc45be7.js	matched "\\x3e"	3
low	Obfuscation	package/dist/chunk-4194.ed870f1ddb07bdbec96f.js	matched "\\u00BF"	3
low	Obfuscation	package/dist/chunk-4413.2359b180122808da21f3.js	matched "\\x3e"	3
low	Obfuscation	package/dist/chunk-4417.631fd41a513585c58eb8.js	matched "\\x3e"	3
low	Obfuscation	package/dist/chunk-4570.79edb57d646f666055be.js	matched "\\x3e"	3
low	Obfuscation	package/dist/chunk-4678.2cb01622019e29dc1b5a.js	matched "fromCharCode"	3
low	Obfuscation	package/dist/chunk-47.aff8057656217a04a1dd.js	matched "\\u00A2"	3
low	Obfuscation	package/dist/chunk-470.95373281fe1fd48e5afe.js	matched "\\x3e"	3
low	Obfuscation	package/dist/chunk-5009.d21fea80c9efed8d075e.js	matched "\\x00"	3
low	Obfuscation	package/dist/chunk-5010.3cc61dbd2547a493fcce.js	matched "\\x3c"	3
low	Obfuscation	package/dist/chunk-5029.513d1d2c683435dd2c06.js	matched "\\x3c"	3
low	Obfuscation	package/dist/chunk-5243.6ec0dc450e0f083db6eb.js	matched "\\x3e"	3
low	Obfuscation	package/dist/chunk-5408.3fa30543329798f9a375.js	matched "\\x3e"	3
low	Obfuscation	package/dist/chunk-5631.a496cc454b140386f0eb.js	matched "\\u00A0"	3
low	Obfuscation	package/dist/chunk-5802.6cb009df0edde3d619da.js	matched "fromCharCode"	3
low	Obfuscation	package/dist/chunk-6147.81c90d98ef1e2eccdfac.js	matched "\\xa1"	3
low	Obfuscation	package/dist/chunk-616.2bc2e8ef3a4b1598a55f.js	matched "\\x3e"	3
low	Obfuscation	package/dist/chunk-6335.470d01b24ae4bf68035b.js	matched "fromCharCode"	3
low	Obfuscation	package/dist/chunk-638.e45ed40ddbc8a39e31ee.js	matched "\\x61"	3
low	Obfuscation	package/dist/chunk-6396.1236f855af4e34079dd2.js	matched "\\x7f"	3
low	Obfuscation	package/dist/chunk-6623.a1e93bb42672ab731d2a.js	matched "\\x3e"	3
low	Obfuscation	package/dist/chunk-6667.999060d7b12c6edc0074.js	matched "\\x3e"	3
low	Obfuscation	package/dist/chunk-6679.042d5a0609d68e0ccae8.js	matched "\\x3e"	3
low	Obfuscation	package/dist/chunk-6809.4db7d0f6a14a65ff799a.js	matched "\\u2192"	3
low	Obfuscation	package/dist/chunk-7145.d57e54da6f1280274316.js	matched "\\u00BF"	3
low	Obfuscation	package/dist/chunk-7210.b4e2a31d61212bf36fe1.js	matched "fromCharCode"	3
low	Obfuscation	package/dist/chunk-7217.f52b9da34e5bfa680101.js	matched "\\xC0"	3
low	Obfuscation	package/dist/chunk-7385.a9cf1a2e9e01c7d77870.js	matched "\\x3e"	3
low	Obfuscation	package/dist/chunk-7627.518b0d5272327890bacf.js	matched "\\x3e"	3

Manifest

Package metadata

Scripts2

compile:prodcd ../../../ && yarn run compile:prod --package=devcon
prepackyarn run compile:prod