npm · registry.npmjs.org
@platformatic/rdkafka
Native Addon Gyp Action: binding.gyp runs a script or chains shell during node-gyp build (executes outside package.json lifecycle)
Why PkgRadar flagged 4.0.0
| Severity | Signal | Evidence |
|---|---|---|
| high | Native Addon Gyp Action | binding.gyp runs a script or chains shell during node-gyp build (executes outside package.json lifecycle) · package/binding.gyp |
| medium | Remote Payload | matched "curl " · package/deps/librdkafka/packaging/alpine/build-alpine.sh |
| medium | Remote Payload | matched "curl " · package/deps/librdkafka/packaging/tools/build-configurations-checks.sh |
| medium | Remote Payload | matched "curl " · package/deps/librdkafka/packaging/tools/build-release-artifacts.sh |
| medium | Remote Payload | matched "wget " · package/deps/librdkafka/packaging/cp/verify-deb.sh |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
| 4.0.0 | High risk | 88 | 2026-06-11 |
| 4.0.1 | High risk | 88 | 2026-06-11 |
Related campaigns
Block this in CI
pkgradar gate --ecosystem npm @platformatic/rdkafka@4.0.0