PkgRadar

npm · registry.npmjs.org

@lobehub/readme-wizard

Remote Payload: matched "api.github.com/graphql"

Why PkgRadar flagged 0.10.1

SeveritySignalEvidence
mediumRemote Payloadmatched "api.github.com/graphql" · package/src/services/sponsorkit/github/index.ts

Scanned versions

VersionVerdictScoreScanned (UTC)
0.10.1Review62026-06-12
0.10.2Review142026-06-12
0.10.3Review82026-06-12
0.10.4Review62026-06-12

Block this in CI

PkgRadar gates @lobehub/readme-wizard (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @lobehub/[email protected]
Start free — 25 scans / moView full evidence