PkgRadar

npm · registry.npmjs.org

@thesvg/svelte

Remote Payload: matched "Curl "

Why PkgRadar flagged 3.0.5

SeveritySignalEvidence
mediumRemote Payloadmatched "Curl " · package/dist/index.js

Scanned versions

VersionVerdictScoreScanned (UTC)
3.0.12Low risk02026-06-08
3.0.11Low risk02026-06-08
3.0.9Low risk02026-05-27
3.0.10Low risk02026-05-27
3.0.5Review122026-05-25
3.0.6Review122026-05-25

Block this in CI

PkgRadar gates @thesvg/svelte (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @thesvg/[email protected]
Start free — 25 scans / moView full evidence