npm · registry.npmjs.org
@chrome-devtools/node-app
Remote Payload: matched "cURL "
Why PkgRadar flagged 1.20260517.0
| Severity | Signal | Evidence |
|---|---|---|
| medium | Remote Payload | matched "cURL " · package/locales/af.json |
| medium | Remote Payload | matched "cURL " · package/locales/am.json |
| medium | Remote Payload | matched "cURL " · package/locales/ar.json |
| medium | Remote Payload | matched "cURL " · package/locales/as.json |
| medium | Remote Payload | matched "cURL " · package/locales/az.json |
| medium | Remote Payload | matched "cURL " · package/locales/be.json |
| medium | Remote Payload | matched "cURL " · package/locales/bg.json |
| medium | Remote Payload | matched "cURL " · package/locales/bn.json |
| medium | Remote Payload | matched "cURL " · package/locales/bs.json |
| medium | Remote Payload | matched "cURL " · package/locales/ca.json |
| medium | Remote Payload | matched "cURL " · package/locales/cs.json |
| medium | Remote Payload | matched "iwr " · package/locales/cy.json |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
1.20260531.0 | Low risk | 0 | 2026-05-31 |
1.20260517.0 | Review | 72 | 2026-05-24 |
1.20260524.0 | Review | 72 | 2026-05-24 |
Block this in CI
pkgradar gate --ecosystem npm @chrome-devtools/[email protected]