Composer · packagist.org

hypejunction/hypegeo

Remote Payload: matched "curl "

Why PkgRadar flagged 7.0.1

Severity	Signal	Evidence
medium	Remote Payload	matched "curl " · hypeJunction-hypeGeo-72da4f0/vendors/composer/installers/src/bootstrap.php
medium	Remote Payload	matched "cURL " · hypeJunction-hypeGeo-72da4f0/vendors/willdurand/geocoder/src/Geocoder/HttpAdapter/CurlHttpAdapter.php
medium	Remote Payload	matched "cURL " · hypeJunction-hypeGeo-72da4f0/vendors/willdurand/geocoder/tests/Geocoder/Tests/HttpAdapter/CurlHttpAdapterTest.php
medium	Remote Payload	matched "cURL " · hypeJunction-hypeGeo-72da4f0/vendors/willdurand/geocoder/tests/bootstrap.php

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`7.0.1`	High risk	48	2026-06-05

Block this in CI

PkgRadar gates hypejunction/hypegeo (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem composer hypejunction/[email protected]