PkgRadar

npm · registry.npmjs.org

@nocobase/plugin-ai

Remote Payload: matched "curl "

Why PkgRadar flagged 2.1.0-beta.37

SeveritySignalEvidence
mediumRemote Payloadmatched "curl " · package/dist/node_modules/just-bash/dist/bundle/browser.js

Scanned versions

VersionVerdictScoreScanned (UTC)
2.2.0-beta.2Low risk02026-06-13
2.1.4Low risk02026-06-13
2.1.3Low risk02026-06-12
2.1.2Low risk02026-06-11
2.1.1Low risk02026-06-11
2.1.0Low risk02026-06-10
2.2.0-beta.1Low risk02026-06-10
2.2.0-alpha.1Low risk02026-06-10
2.0.62Low risk02026-06-10
2.1.0-beta.48Low risk02026-06-10
2.1.0-beta.47Low risk02026-06-09
2.1.0-beta.46Low risk02026-06-08
2.1.0-beta.45Low risk02026-06-08
2.1.0-alpha.47Low risk02026-06-08
1.9.63Low risk02026-06-06
2.1.0-alpha.46Low risk02026-06-04
2.1.0-beta.44Low risk02026-06-03
2.0.61Low risk02026-06-03
2.1.0-beta.43Low risk02026-06-02
2.1.0-beta.42Low risk02026-06-01
2.0.59Low risk02026-05-30
2.0.58Low risk02026-05-30
2.0.57Low risk02026-05-30
2.1.0-beta.41Low risk02026-05-30
2.1.0-beta.40Low risk02026-05-30
2.1.0-alpha.45Low risk02026-05-29
2.0.60Low risk02026-05-29
2.1.0-beta.38Low risk02026-05-29
2.1.0-beta.37Review62026-05-26
2.1.0-alpha.40Review62026-05-25

Block this in CI

PkgRadar gates @nocobase/plugin-ai (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @nocobase/[email protected]
Start free — 25 scans / moView full evidence