PkgRadar

npm · registry.npmjs.org

@codemieai/code

Remote Payload: matched "Invoke-WebRequest"

Why PkgRadar flagged 0.4.2

SeveritySignalEvidence
mediumRemote Payloadmatched "Invoke-WebRequest" · package/dist/frameworks/plugins/codebase-memory.plugin.js

Scanned versions

VersionVerdictScoreScanned (UTC)
0.4.2Review252026-06-12
0.4.1Review252026-06-09
0.2.1Review252026-06-09
0.4.0Review252026-06-09
0.3.1Review232026-05-27
0.3.2Review232026-05-27

Block this in CI

PkgRadar gates @codemieai/code (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @codemieai/[email protected]
Start free — 25 scans / moView full evidence