npm · registry.npmjs.org

@open-turo/eslint-config-react

Remote Payload: matched "curl "

Why PkgRadar flagged 24.0.12

Severity	Signal	Evidence
medium	Remote Payload	matched "curl " · package/.github/workflows/ci.yaml

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`24.0.17`	Low risk	0	2026-06-10
`24.0.16`	Low risk	0	2026-06-08
`24.0.15`	Low risk	0	2026-06-05
`24.0.14`	Low risk	0	2026-06-01
`24.0.12`	Review	12	2026-05-27
`24.0.13`	Review	12	2026-05-27

Block this in CI

PkgRadar gates @open-turo/eslint-config-react (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @open-turo/[email protected]