PkgRadar

npm · registry.npmjs.org

@cortexkit/aft-bridge

Remote Payload: matched "github.com/${REPO}/releases/download"

Why PkgRadar flagged 0.30.1

SeveritySignalEvidence
mediumRemote Payloadmatched "github.com/${REPO}/releases/download" · package/dist/downloader.js
mediumRemote Payloadmatched "github.com/${ORT_REPO}/releases/download" · package/dist/onnx-runtime.js

Scanned versions

VersionVerdictScoreScanned (UTC)
0.39.1Low risk02026-06-14
0.39.0Low risk02026-06-13
0.38.0Low risk02026-06-13
0.37.2Low risk02026-06-12
0.37.1Low risk02026-06-11
0.37.0Low risk02026-06-10
0.36.1Low risk02026-06-08
0.36.0Low risk02026-06-07
0.35.4Low risk02026-06-05
0.35.3Low risk02026-06-04
0.35.2Low risk02026-06-03
0.35.1Low risk02026-06-03
0.35.0Low risk02026-06-03
0.34.0Low risk02026-06-01
0.33.0Low risk02026-05-30
0.32.0Low risk02026-05-27
0.31.1Low risk02026-05-26
0.31.0Low risk02026-05-26
0.30.3Low risk02026-05-25
0.30.2Low risk02026-05-25
0.30.1Review242026-05-24
0.29.1Review242026-05-24
0.30.0Review242026-05-24

Block this in CI

PkgRadar gates @cortexkit/aft-bridge (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @cortexkit/[email protected]
Start free — 25 scans / moView full evidence