npm · registry.npmjs.org

@tscircuit/fake-snippets

Remote Payload: matched "cUrl "

Why PkgRadar flagged 0.0.215

Severity	Signal	Evidence
medium	Remote Payload	matched "cUrl " · package/dist/bundle.js
medium	Remote Dependency Spec	devDependencies.@tscircuit/fake-stripe="git+https://github.com/tscircuit/fake-stripe.git#f1a5b40" · package.json
medium	Remote Dependency Spec	devDependencies.@tscircuit/order-dialog="git+https://github.com/tscircuit/order-dialog.git#55a2839" · package.json
medium	Dependency Changed To Remote Vs Previous	devDependencies.@tscircuit/order-dialog changed to remote spec in 0.0.215 vs 0.0.214: "git+https://github.com/tscircuit/order-dialog.git#55a2839" · package.json

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.0.215`	Review	36	2026-06-03
`0.0.213`	Review	14	2026-05-30
`0.0.214`	Review	14	2026-05-30
`0.0.211`	Review	14	2026-05-30
`0.0.212`	Review	14	2026-05-30
`0.0.216`	Review	14	2026-05-30

Block this in CI

PkgRadar gates @tscircuit/fake-snippets (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @tscircuit/[email protected]