PkgRadar

npm · registry.npmjs.org

@hatchway/cli

Remote Payload, Tls Verification Disabled, Credential file access

Why PkgRadar flagged 0.50.72

Severity | Signal | Evidence
medium | Remote Payload | package/dist/chunks/auto-update-Ddo5Ntt7.js
medium | Remote Payload | package/dist/chunks/manager-0U0BIO9r.js
medium | Tls Verification Disabled | package/dist/chunks/port-allocator-DAjm7X-F.js
medium | Remote Payload | package/dist/chunks/upgrade-BBpJirEu.js

Showing signal labels only.

Scanned versions

Version | Verdict | Score | Scanned (UTC)
0.50.72 | Review | 44 | 2026-06-21
0.50.71 | Review | 56 | 2026-06-21
0.50.67 | Review | 44 | 2026-06-20
0.50.68 | Review | 44 | 2026-06-20
0.50.69 | Review | 44 | 2026-06-20
0.50.70 | Review | 56 | 2026-06-20

Block this in CI

PkgRadar gates @hatchway/cli (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @hatchway/[email protected]