PkgRadar

npm · registry.npmjs.org

@bufferapp/composer

Remote Payload: matched "curl "

Why PkgRadar flagged 2.7.3

SeveritySignalEvidence
mediumRemote Payloadmatched "curl " · package/.travis.yml
mediumLarge Javascript Payload3041210 bytes · package/composer-web-iframe-bundle.ddf5e66cf47902d3928db8bc3a68815a.gz.js
mediumLarge Javascript Payload6640986 bytes · package/dist/composer-web-iframe-bundle.js

Scanned versions

VersionVerdictScoreScanned (UTC)
2.7.3Review92026-05-27
2.8.0Review92026-05-27

Block this in CI

PkgRadar gates @bufferapp/composer (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @bufferapp/[email protected]
Start free — 25 scans / moView full evidence