PkgRadar

npm · registry.npmjs.org

@lonu/stc

Remote Payload: matched "github.com/long-woo/stc/releases/download"

Why PkgRadar flagged 2.16.1

SeveritySignalEvidence
mediumRemote Payloadmatched "github.com/long-woo/stc/releases/download" · package/esm/src/cli.js

Scanned versions

VersionVerdictScoreScanned (UTC)
2.16.1Review82026-06-01
2.16.2Review82026-06-01

Block this in CI

PkgRadar gates @lonu/stc (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @lonu/[email protected]
Start free — 25 scans / moView full evidence
@lonu/stc — npm security scan | PkgRadar