PkgRadar

npm · registry.npmjs.org

@mcp-guardian/server

Remote Payload: matched "curl "

Why PkgRadar flagged 4.1.4

Severity | Signal | Evidence
medium | Remote Payload | matched "curl " · package/dist/utils/token-counter.js

Scanned versions

Version | Verdict | Score | Scanned (UTC)
4.1.4 | Review | 14 | 2026-06-01
4.1.5 | Review | 14 | 2026-06-01
4.1.3 | Review | 14 | 2026-05-31
4.1.2 | Review | 20 | 2026-05-31
4.1.1 | Review | 14 | 2026-05-31
4.1.0 | Review | 17 | 2026-05-31
4.0.0 | Review | 17 | 2026-05-31
3.3.0 | Review | 17 | 2026-05-30
3.2.7 | Review | 25 | 2026-05-30
3.2.8 | Review | 25 | 2026-05-30
3.2.3 | Review | 17 | 2026-05-30
3.2.4 | Review | 17 | 2026-05-30
3.4.1 | Review | 17 | 2026-05-30
3.3.1 | Review | 37 | 2026-05-28

Block this in CI

PkgRadar gates @mcp-guardian/server (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @mcp-guardian/[email protected]