PkgRadar

Composer · packagist.org

simp/pindrop

Remote Payload, Composer Install Scripts Present

Why PkgRadar flagged v4.0.0

SeveritySignalEvidence
mediumRemote Payload

Showing signal labels only. Sign in to view the exact matched indicators for each finding.

Scanned versions

VersionVerdictScoreScanned (UTC)
v4.0.0Review172026-07-13

Block this in CI

PkgRadar gates simp/pindrop (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem composer simp/[email protected]
simp/pindrop — Composer security scan | PkgRadar