npm · registry.npmjs.org

@s0nderlabs/anima

Remote Payload: matched "api.telegram.org/bot"

Why PkgRadar flagged 0.24.15

Severity	Signal	Evidence
medium	Remote Payload	matched "api.telegram.org/bot" · package/src/util/telegram-secrets.ts

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.24.15`	Review	22	2026-06-18
`0.24.16`	Review	22	2026-06-18
`0.24.17`	Review	22	2026-06-18
`0.25.0`	Review	22	2026-06-18

Block this in CI

PkgRadar gates @s0nderlabs/anima (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @s0nderlabs/[email protected]