npm · registry.npmjs.org
@circlesac/vlt-cli
Remote Payload: matched "curl "
Why PkgRadar flagged 26.6.2
| Severity | Signal | Evidence |
|---|---|---|
| medium | Remote Payload | matched "curl " · package/bin/install.sh |
| medium | New Account With Lifecycle Hook | package first published 83 day(s) ago, 10 total version(s), has lifecycle hook · package.json |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
26.6.2 | Review | 5 | 2026-06-12 |
26.6.1 | Review | 5 | 2026-06-12 |
26.5.1 | Review | 5 | 2026-06-12 |
26.5.2 | Review | 5 | 2026-06-12 |
26.5.3 | Review | 5 | 2026-06-12 |
26.6.0 | Review | 5 | 2026-06-12 |
Block this in CI
pkgradar gate --ecosystem npm @circlesac/[email protected]