PkgRadar

npm · registry.npmjs.org

@aptos-scp/scp-component-commit-configs

Remote Payload: matched "curl "

Why PkgRadar flagged 5.0.10

SeveritySignalEvidence
mediumRemote Payloadmatched "curl " · package/config-next-version.sh
mediumRemote Payloadmatched "curl " · package/next-version.sh
mediumRemote Payloadmatched "curl " · package/post-patch.sh
mediumRemote Payloadmatched "wget " · package/sonar.sh

Scanned versions

VersionVerdictScoreScanned (UTC)
5.0.10Review242026-06-12
5.0.11Review242026-06-12
5.0.12Review242026-05-27
5.0.13Review242026-05-27

Block this in CI

PkgRadar gates @aptos-scp/scp-component-commit-configs (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @aptos-scp/[email protected]
Start free — 25 scans / moView full evidence