PkgRadar

npm · registry.npmjs.org

@operato/scene-manufacturing

Remote Payload: matched "curl "

Why PkgRadar flagged 10.0.0-beta.42

SeveritySignalEvidence
mediumRemote Payloadmatched "curl " · package/dist/robot-arm-styles.js

Scanned versions

VersionVerdictScoreScanned (UTC)
1.3.28Low risk02026-06-13
1.3.29Low risk02026-06-13
1.4.0Low risk02026-06-13
10.0.0-beta.56Low risk02026-06-13
10.0.0-beta.55Low risk02026-06-08
10.0.0-beta.54Low risk02026-06-05
10.0.0-beta.53Low risk02026-06-03
10.0.0-beta.50Low risk02026-05-28
10.0.0-beta.48Low risk02026-05-26
10.0.0-beta.47Low risk02026-05-26
10.0.0-beta.42Review122026-05-24
10.0.0-beta.46Review122026-05-24

Block this in CI

PkgRadar gates @operato/scene-manufacturing (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @operato/[email protected]
Start free — 25 scans / moView full evidence