npm · registry.npmjs.org

@c0mpute/worker

Remote Payload: matched "curl "

Why PkgRadar flagged 2.8.2

Severity	Signal	Evidence
medium	Remote Payload	matched "curl " · package/dist/setup.js

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`2.8.2`	Review	12	2026-06-19
`2.8.1`	Review	12	2026-06-19
`2.8.0`	Review	12	2026-06-19
`2.7.0`	Low risk	0	2026-06-13
`2.6.9`	Low risk	0	2026-06-09
`2.6.5`	Low risk	0	2026-06-09
`2.6.4`	Low risk	0	2026-06-09
`2.6.3`	Low risk	0	2026-06-09
`2.6.2`	Low risk	0	2026-06-09
`2.6.1`	Low risk	0	2026-06-09
`2.6.0`	Low risk	0	2026-06-09
`2.5.0`	Low risk	0	2026-06-05
`2.4.0`	Low risk	0	2026-06-05
`2.3.4`	Low risk	0	2026-06-02
`2.3.3`	Low risk	0	2026-05-31
`2.3.1`	Low risk	0	2026-05-31
`2.3.2`	Low risk	0	2026-05-31

Block this in CI

PkgRadar gates @c0mpute/worker (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @c0mpute/[email protected]