npm · registry.npmjs.org

@tomo-inc/wallet-adaptor-base

Remote Payload: matched "cUrl "

Why PkgRadar flagged 0.0.21

Severity	Signal	Evidence
medium	Remote Payload	matched "cUrl " · package/dist/index.cjs
medium	Remote Payload	matched "cUrl " · package/dist/index.js
medium	Remote Payload	matched "cUrl " · package/src/wallet-api/balance.ts

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.0.24`	Low risk	0	2026-05-27
`0.0.23`	Low risk	0	2026-05-27
`0.0.21`	Review	36	2026-05-25
`0.0.22`	Review	36	2026-05-25

Block this in CI

PkgRadar gates @tomo-inc/wallet-adaptor-base (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @tomo-inc/[email protected]