PkgRadar

Composer · packagist.org

zalas/toolbox

Remote Payload

Why PkgRadar flagged v1.109.0

SeveritySignalEvidence
mediumRemote Payloadjakzal-toolbox-7dcd80f/bin/devkit.php
mediumRemote Payloadjakzal-toolbox-7dcd80f/src/Tool/Command/FileDownloadCommand.php
mediumRemote Payloadjakzal-toolbox-7dcd80f/src/Tool/Command/PharDownloadCommand.php

Showing signal labels only. Sign in to view the exact matched indicators for each finding.

Scanned versions

VersionVerdictScoreScanned (UTC)
v1.109.0Review72026-06-24
v1.108.1Review72026-06-24

Block this in CI

PkgRadar gates zalas/toolbox (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem composer zalas/[email protected]
Start free — 25 scans / moView full evidence