Composer · packagist.org

ec-europa/toolkit

Php Remote Fetch Exec Combo: Remote fetch (file_get_contents/curl) paired with eval/exec — fetch-and-run pattern.

Why PkgRadar flagged 10.28.0

Severity	Signal	Evidence
high	Php Remote Fetch Exec Combo	Remote fetch (file_get_contents/curl) paired with eval/exec — fetch-and-run pattern. · ec-europa-toolkit-8572f09/src/TaskRunner/Commands/DocumentationCommands.php
medium	Remote Payload	matched "curl " · ec-europa-toolkit-8572f09/src/DrupalReleaseHistory.php
medium	Remote Payload	matched "curl " · ec-europa-toolkit-8572f09/src/TaskRunner/Commands/BlackfireCommands.php

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`10.28.0`	Review	19	2026-06-03

Block this in CI

PkgRadar gates ec-europa/toolkit (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem composer ec-europa/[email protected]