npm · registry.npmjs.org

@polderlabs/bizar

Remote Payload: matched "curl "

Why PkgRadar flagged 3.0.0

Severity	Signal	Evidence
medium	Remote Payload	matched "curl " · package/cli/copy.mjs
medium	Remote Payload	matched "curl " · package/cli/install.mjs

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`3.0.0`	Review	29	2026-06-20
`2.6.1`	Review	29	2026-06-20
`2.6.0`	Review	29	2026-06-20
`2.4.0`	Review	29	2026-06-20
`2.3.0`	Review	29	2026-06-20
`3.5.4`	Review	24	2026-06-19
`3.5.2`	Review	24	2026-06-19
`3.5.1`	Review	24	2026-06-19
`3.5.0`	Review	24	2026-06-19
`3.4.1`	Review	24	2026-06-19
`3.3.3`	Review	24	2026-06-19
`3.3.1`	Review	24	2026-06-19
`3.3.2`	Review	24	2026-06-19
`3.3.0`	Review	24	2026-06-19
`3.2.2`	Review	24	2026-06-19
`3.2.1`	Review	29	2026-06-19
`3.2.0`	Review	29	2026-06-19
`3.1.1`	Review	29	2026-06-19
`3.0.2`	Review	29	2026-06-19
`3.0.1`	Review	39	2026-06-19

Block this in CI

PkgRadar gates @polderlabs/bizar (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @polderlabs/[email protected]