PkgRadar

npm · registry.npmjs.org

@mattabase/modlens-mcp

Remote Payload: matched "github.com/Mattabase/modlens-mcp/releases/download"

Why PkgRadar flagged 1.4.0

SeveritySignalEvidence
mediumRemote Payloadmatched "github.com/Mattabase/modlens-mcp/releases/download" · package/dist/java-tools.js
mediumRemote Payloadmatched "raw.githubusercontent.com" · package/dist/tools/primers.js

Scanned versions

VersionVerdictScoreScanned (UTC)
1.4.0Review292026-05-29
1.3.4Review292026-05-26
1.3.2Review52026-05-25
1.3.3Review52026-05-25

Block this in CI

PkgRadar gates @mattabase/modlens-mcp (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @mattabase/[email protected]
Start free — 25 scans / moView full evidence