PkgRadar

npm · registry.npmjs.org

@cortexkit/aft

Remote Payload: matched "raw.githubusercontent.com"

Why PkgRadar flagged 0.30.1

SeveritySignalEvidence
mediumRemote Payloadmatched "raw.githubusercontent.com" · package/dist/index.js
mediumObfuscation Densityhigh encoded/escaped-token density · package/dist/index.js

Scanned versions

VersionVerdictScoreScanned (UTC)
0.37.2Low risk02026-06-12
0.37.1Low risk02026-06-11
0.37.0Low risk02026-06-10
0.36.1Low risk02026-06-08
0.36.0Low risk02026-06-08
0.35.4Low risk02026-06-05
0.35.3Low risk02026-06-04
0.35.2Low risk02026-06-03
0.35.1Low risk02026-06-03
0.35.0Low risk02026-06-03
0.34.0Low risk02026-06-01
0.33.0Low risk02026-05-30
0.32.0Low risk02026-05-27
0.31.1Low risk02026-05-26
0.31.0Low risk02026-05-26
0.30.3Low risk02026-05-25
0.30.2Low risk02026-05-25
0.30.1Review122026-05-24
0.29.1Review122026-05-24
0.30.0Review122026-05-24

Block this in CI

PkgRadar gates @cortexkit/aft (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @cortexkit/[email protected]
Start free — 25 scans / moView full evidence