PkgRadar

Composer · packagist.org

tradecentric/module-punchout

Remote Payload: matched "curl "

Why PkgRadar flagged 3.1.17

SeveritySignalEvidence
mediumRemote Payloadmatched "curl " · tradecentric-Magento_PunchOut-8769998/Model/Request/Validate/RemoteValidationHandler/RemoteInfoHandler.php

Scanned versions

VersionVerdictScoreScanned (UTC)
3.1.17Review62026-06-03

Block this in CI

PkgRadar gates tradecentric/module-punchout (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem composer tradecentric/[email protected]
Start free — 25 scans / moView full evidence