PkgRadar

npm · registry.npmjs.org

@kitpilot/cli

Large Javascript Payload, Suspicious Publish Context

Why PkgRadar flagged 0.3.3

SeveritySignalEvidence
mediumSuspicious Publish Context

Showing signal labels only. Sign in to view the exact matched indicators for each finding.

Scanned versions

VersionVerdictScoreScanned (UTC)
0.3.3Review102026-06-22
0.3.2Review102026-06-22
0.3.1Review102026-06-22
0.2.5Low risk02026-06-22
0.3.0Low risk02026-06-22
0.2.4Low risk02026-06-21
0.2.3Low risk02026-06-21
0.2.2Low risk02026-06-21
0.2.1Low risk02026-06-21
0.2.0Low risk02026-06-21
0.1.0Low risk02026-06-21

Block this in CI

PkgRadar gates @kitpilot/cli (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @kitpilot/[email protected]
Start free — 25 scans / moView full evidence
@kitpilot/cli — npm security scan | PkgRadar