npm · registry.npmjs.org
@dvai-bridge/android-llama-core
Known Indicator Filename: package/android/src/main/cpp/native/llama.cpp/tools/server/public/bundle.js
Why PkgRadar flagged 4.0.0
| Severity | Signal | Evidence |
|---|---|---|
| high | Known Indicator Filename | package/android/src/main/cpp/native/llama.cpp/tools/server/public/bundle.js · package/android/src/main/cpp/native/llama.cpp/tools/server/public/bundle.js |
| high | Credential file access | matched "GITHUB_TOKEN" · package/android/src/main/cpp/native/llama.cpp/.github/workflows/ai-issues.yml |
| high | Credential file access | matched "github_token" · package/android/src/main/cpp/native/llama.cpp/.github/workflows/close-issue.yml |
| high | Credential file access | matched "github_token" · package/android/src/main/cpp/native/llama.cpp/.github/workflows/docker.yml |
| high | Credential file access | matched "github_token" · package/android/src/main/cpp/native/llama.cpp/.github/workflows/release.yml |
| high | Credential file access | matched "GITHUB_TOKEN" · package/android/src/main/cpp/native/llama.cpp/.github/workflows/winget.yml |
| medium | Obfuscation Density | high encoded/escaped-token density · package/android/src/main/cpp/native/llama.cpp/tools/server/webui/package-lock.json |
| medium | Remote Payload | matched "raw.githubusercontent.com" · package/android/src/main/cpp/native/llama.cpp/scripts/compare-logprobs.py |
| medium | Obfuscation Density | high encoded/escaped-token density · package/android/src/main/cpp/native/llama.cpp/gguf-py/gguf/quants.py |
| medium | Remote Payload | matched "curl " · package/android/src/main/cpp/native/llama.cpp/scripts/snapdragon/qdc/tests/run_bench_tests_posix.py |
| medium | Remote Payload | matched "raw.githubusercontent.com" · package/android/src/main/cpp/native/llama.cpp/scripts/sync_vendor.py |
| medium | Remote Payload | matched "wget\r\n\r\n\r\n" · package/android/src/main/cpp/native/llama.cpp/tools/server/tests/utils.py |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
4.0.2 | Low risk | 0 | 2026-05-28 |
4.0.0 | Review | 255 | 2026-05-24 |
4.0.1 | Low risk | 0 | 2026-05-24 |
Block this in CI
pkgradar gate --ecosystem npm @dvai-bridge/[email protected]