PkgRadar

Composer · packagist.org

woocommerce/qit-cli

Remote Payload: matched "raw.githubusercontent.com"

Why PkgRadar flagged 1.2.1

SeveritySignalEvidence
mediumRemote Payloadmatched "raw.githubusercontent.com" · woocommerce-qit-cli-7b3e53b/src/src/Commands/TestPackages/PackageScaffoldCommand.php
mediumRemote Payloadmatched "curl " · woocommerce-qit-cli-7b3e53b/src/src/Environment/Environments/Performance/PerformanceEnvironment.php
mediumRemote Payloadmatched "github.com/woocommerce/woocommerce/releases/download" · woocommerce-qit-cli-7b3e53b/src/src/PreCommand/Extensions/VersionResolver.php
mediumRemote Payloadmatched "curl " · woocommerce-qit-cli-7b3e53b/src/src/RequestBuilder.php

Scanned versions

VersionVerdictScoreScanned (UTC)
1.2.1High risk292026-06-15

Block this in CI

PkgRadar gates woocommerce/qit-cli (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem composer woocommerce/[email protected]
Start free — 25 scans / moView full evidence