npm · registry.npmjs.org

@promus/cli

Remote Payload: matched "api.telegram.org/bot"

Why PkgRadar flagged 0.24.30

Severity	Signal	Evidence
medium	Remote Payload	matched "api.telegram.org/bot" · package/src/util/telegram-secrets.ts

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.24.30`	Review	22	2026-06-14
`0.24.29`	Review	22	2026-06-14
`0.24.28`	Review	22	2026-06-14
`0.24.26`	Review	22	2026-06-14
`0.24.27`	Review	22	2026-06-14
`0.24.24`	Review	22	2026-06-14
`0.24.25`	Review	22	2026-06-14
`0.24.23`	Review	22	2026-06-13
`0.24.22`	Review	22	2026-06-13
`0.24.21`	Review	22	2026-06-13
`0.24.20`	Review	22	2026-06-13
`0.24.19`	Review	22	2026-06-13
`0.24.18`	Review	22	2026-06-13
`0.24.17`	Review	22	2026-06-13

Block this in CI

PkgRadar gates @promus/cli (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @promus/[email protected]