PkgRadar

npm · registry.npmjs.org

@shogo-ai/worker

Remote Payload: matched "github.com/shogo-ai/shogo/releases/download"

Why PkgRadar flagged 1.8.9

SeveritySignalEvidence
mediumRemote Payloadmatched "github.com/shogo-ai/shogo/releases/download" · package/src/lib/runtime-install.ts

Scanned versions

VersionVerdictScoreScanned (UTC)
1.11.7Low risk02026-06-12
1.11.6Low risk02026-06-12
1.11.5Low risk02026-06-12
1.11.4Low risk02026-06-12
1.11.3Low risk02026-06-11
1.11.2Low risk02026-06-11
1.11.1Low risk02026-06-10
1.11.0Low risk02026-06-09
1.10.12Low risk02026-06-09
1.10.11Low risk02026-06-09
1.10.10Low risk02026-06-08
1.10.9Low risk02026-06-08
1.10.8Low risk02026-06-06
1.10.7Low risk02026-06-06
1.10.6Low risk02026-06-06
1.10.5Low risk02026-06-06
1.10.4Low risk02026-06-05
1.10.3Low risk02026-06-05
1.10.2Low risk02026-06-05
1.10.1Low risk02026-06-05
1.9.9Low risk02026-06-03
1.9.8Low risk02026-06-02
1.9.7Low risk02026-06-01
1.9.6Low risk02026-06-01
1.9.5Low risk02026-06-01
1.9.4Low risk02026-06-01
1.9.3Low risk02026-05-31
1.9.2Low risk02026-05-31
1.9.1Low risk02026-05-30
1.9.0Low risk02026-05-30
1.8.23Low risk02026-05-29
1.8.22Low risk02026-05-29
1.8.21Low risk02026-05-29
1.8.19Low risk02026-05-29
1.8.20Low risk02026-05-29
1.8.18Low risk02026-05-29
1.8.17Low risk02026-05-28
1.8.16Low risk02026-05-28
1.8.15Low risk02026-05-28
1.8.14Low risk02026-05-27
1.8.12Low risk02026-05-27
1.8.13Low risk02026-05-27
1.8.11Low risk02026-05-26
1.8.9Review122026-05-24
1.8.10Review122026-05-24

Block this in CI

PkgRadar gates @shogo-ai/worker (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @shogo-ai/[email protected]
Start free — 25 scans / moView full evidence