npm · registry.npmjs.org
@synap-core/cli
Remote Payload: matched "curl "
Why PkgRadar flagged 1.8.0
| Severity | Signal | Evidence |
|---|---|---|
| medium | Remote Payload | matched "curl " · package/dist/commands/init.js |
| medium | Remote Payload | matched "curl " · package/dist/lib/openclaw.js |
| medium | Remote Payload | matched "curl " · package/dist/lib/pod.js |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
1.8.0 | Review | 36 | 2026-06-15 |
1.7.0 | Review | 36 | 2026-06-06 |
1.6.1 | Review | 36 | 2026-06-04 |
1.6.0 | Review | 36 | 2026-06-04 |
1.2.1 | Review | 36 | 2026-06-03 |
1.5.0 | Review | 36 | 2026-06-03 |
Block this in CI
pkgradar gate --ecosystem npm @synap-core/[email protected]