PkgRadar

npm · registry.npmjs.org

@sap/generator-mdk

Remote Payload: matched "curl "

Why PkgRadar flagged 1.0.0-2

SeveritySignalEvidence
mediumRemote Payloadmatched "curl " · package/generators/app/utils/cfHelper.js
mediumRemote Payloadmatched "curl " · package/generators/app/utils/serviceHelper.js

Scanned versions

VersionVerdictScoreScanned (UTC)
1.0.0-2Review242026-06-19
1.1.0Review242026-06-19

Block this in CI

PkgRadar gates @sap/generator-mdk (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @sap/[email protected]
Start free — 25 scans / moView full evidence
@sap/generator-mdk — npm security scan | PkgRadar