PkgRadar

Composer · packagist.org

sproutcms/cms

Remote Payload: matched "cURL "

Why PkgRadar flagged v4.3.59

SeveritySignalEvidence
mediumRemote Payloadmatched "cURL " · Karmabunny-sprout3-2ed179a/src/sprout/Helpers/HttpReq.php
mediumRemote Payloadmatched "raw.githubusercontent.com" · Karmabunny-sprout3-2ed179a/src/sprout/Helpers/UserAgent.php

Scanned versions

VersionVerdictScoreScanned (UTC)
v4.3.59Review122026-06-03
v3.4.39Review122026-06-03
v4.4.13Review122026-06-03
v4.3.58Review122026-05-28
v4.4.12Review122026-05-28

Block this in CI

PkgRadar gates sproutcms/cms (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem composer sproutcms/[email protected]
Start free — 25 scans / moView full evidence