npm · registry.npmjs.org

@1agh/maude

Remote Payload: matched "curl "

Why PkgRadar flagged 0.28.1

Severity	Signal	Evidence
medium	Remote Payload	matched "curl " · package/plugins/design/dev-server/bin/prep.sh
medium	Remote Payload	matched "curl " · package/plugins/design/dev-server/bin/runtime-health.sh
medium	Remote Payload	matched "curl " · package/plugins/design/dev-server/bin/server-up.sh
medium	Remote Payload	matched "curl " · package/plugins/design/dev-server/bin/svg-optimize.sh

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.28.1`	High risk	53	2026-06-10
`0.29.0`	High risk	37	2026-06-10
`0.28.0`	High risk	53	2026-06-10
`0.27.0`	High risk	37	2026-06-10
`0.26.0`	High risk	37	2026-06-10
`0.25.0`	High risk	41	2026-06-10
`0.24.0`	Review	41	2026-05-30
`0.22.0`	Review	20	2026-05-30
`0.23.0`	Review	39	2026-05-28
`0.22.2`	Review	35	2026-05-27
`0.20.0`	Review	27	2026-05-26
`0.19.1`	Review	27	2026-05-26
`0.19.0`	Review	27	2026-05-26
`0.18.1`	Review	27	2026-05-25
`0.18.2`	Review	27	2026-05-25
`0.17.2`	Review	27	2026-05-25
`0.17.1`	Review	27	2026-05-25
`0.16.0`	Review	27	2026-05-25

Block this in CI

PkgRadar gates @1agh/maude (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @1agh/[email protected]