PkgRadar

npm · registry.npmjs.org

@hyperlane-xyz/sdk

Remote Payload: matched "raw.githubusercontent.com"

Why PkgRadar flagged 35.1.0

SeveritySignalEvidence
mediumRemote Payloadmatched "raw.githubusercontent.com" · package/dist/utils/cosmos.js

Scanned versions

VersionVerdictScoreScanned (UTC)
35.1.0Review32026-06-05
35.0.0Review32026-05-28
35.0.1Review32026-05-28

Block this in CI

PkgRadar gates @hyperlane-xyz/sdk (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @hyperlane-xyz/[email protected]
Start free — 25 scans / moView full evidence