PkgRadar

npm · registry.npmjs.org

@afrd/wave

Remote Payload: matched "github.com/$REPO/releases/download"

Why PkgRadar flagged 0.1.1

SeveritySignalEvidence
mediumRemote Payloadmatched "github.com/$REPO/releases/download" · package/scripts/install.sh

Scanned versions

VersionVerdictScoreScanned (UTC)
0.1.1Review122026-05-28
0.1.2Review122026-05-28

Block this in CI

PkgRadar gates @afrd/wave (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @afrd/[email protected]
Start free — 25 scans / moView full evidence