PkgRadar

Composer · packagist.org

miropen/mir-php

Remote Payload: matched "github.com/%s/releases/download"

Why PkgRadar flagged v0.35.0

SeveritySignalEvidence
mediumRemote Payloadmatched "github.com/%s/releases/download" · jorgsowa-mir-4f62f0b/composer/src/Installer.php

Scanned versions

VersionVerdictScoreScanned (UTC)
v0.35.0Review122026-06-09
v0.34.0Review122026-06-08
v0.32.0Review122026-06-03
v0.31.0Review122026-06-01

Block this in CI

PkgRadar gates miropen/mir-php (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem composer miropen/[email protected]
Start free — 25 scans / moView full evidence
miropen/mir-php — Composer security scan | PkgRadar