PkgRadar

npm · registry.npmjs.org

@shepai/cli

Remote Payload: matched "github.com/FiloSottile/mkcert/releases/download"

Why PkgRadar flagged 1.212.0-pr742.581ab3c

SeveritySignalEvidence
mediumRemote Payloadmatched "github.com/FiloSottile/mkcert/releases/download" · package/web/node_modules/.pnpm/[email protected]_@[email protected]_@[email protected]_@[email protected]_react-d_a16280448e60d7b6ad5f5da7b1546f1d/node_modules/next/dist/lib/mkcert.js

Scanned versions

VersionVerdictScoreScanned (UTC)
1.212.0-pr742.581ab3cReview222026-06-12
1.212.0-pr742.98c362cReview222026-06-12
1.212.0-pr742.cccc519Review152026-06-12
1.212.0Review62026-06-12
1.211.0-pr740.630d563Review152026-06-10
1.211.0Review52026-06-09
1.210.0-pr731.b7f3542Review112026-06-09
1.210.0-pr736.dc3b345Review112026-06-09
1.210.0-pr731.506f3dcReview112026-06-09
1.210.0-pr731.15809b1Review112026-06-09
1.210.0-pr731.c17b84dReview172026-06-09
1.210.0-pr731.3ec9395Review112026-06-09
1.210.0Review52026-06-09
1.209.2-pr628.5fcf3c2Review112026-06-09
1.209.2-pr731.2a9a77fReview172026-06-09
1.209.2Review52026-06-09
1.209.1-pr729.6b26cbfReview112026-06-08
1.209.1Review52026-06-08
1.209.0-pr628.e38a82eReview112026-06-07
1.209.0-pr719.f70337cReview112026-06-07
1.209.0Review52026-06-07
1.208.1-pr702.ef61f66Review112026-06-04
1.208.1-pr702.48e8ac5Review112026-06-04
1.208.1Review52026-06-01
1.208.0Review52026-05-31
1.207.0-pr698.829f865Review112026-05-31
1.207.0-pr698.323a6fcReview112026-05-31
1.207.0Review52026-05-31
1.206.2-pr698.076cc62Review112026-05-31
1.206.2-pr698.d3c6fefReview112026-05-31
1.206.2-pr697.176b2c9Review112026-05-31
1.206.2Review282026-05-28
1.206.1-pr670.fa17326Review842026-05-26
1.206.1-pr671.41e04adReview842026-05-26

Block this in CI

PkgRadar gates @shepai/cli (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @shepai/[email protected]
Start free — 25 scans / moView full evidence