# readline-sync@1.2.6 — Threat Briefing

High risk — threat briefing for npm package readline-sync@1.2.6. Capabilities, risk paths, and what to check.

- **Ecosystem:** npm
- **Latest version:** 1.4.10

## Risk

- **Level:** high
- **Summary:** Obfuscated shell execution — concealment pattern

## Capability Summary

| Capability | Level |
|---|---|
| install scripts | none |
| network access | none |
| filesystem | both |
| shell execution | exec |

## Capabilities

### Other

- Cryptographic hashing [common]
- Encryption/decryption operations [common]
- Filesystem read from package directory (info-only) [common]
- Code obfuscation indicators [common]

### Environment

- Environment variable access [common]

### Filesystem

- Filesystem read [common]
- Filesystem write [common]

### System

- Process control [common]

### Execution

- Shell execution [unusual]

## Key Signals

- ****
- ****

## Maintainer


## Recommended Action

Review before installing in sensitive environments.