PkgRadar

npm · registry.npmjs.org

@bcelep/prismx

Remote Payload: matched "raw.githubusercontent.com"

Why PkgRadar flagged 3.2.0

SeveritySignalEvidence
mediumRemote Payloadmatched "raw.githubusercontent.com" · package/templates/skills/hugging-face-model-trainer/scripts/train_grpo_example.py
mediumRemote Payloadmatched "curl " · package/templates/skills/vercel-deploy/scripts/deploy.sh

Scanned versions

VersionVerdictScoreScanned (UTC)
3.3.0Low risk02026-05-29
3.2.0Review242026-05-28
3.2.1Review162026-05-28

Block this in CI

PkgRadar gates @bcelep/prismx (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @bcelep/[email protected]
Start free — 25 scans / moView full evidence