npm · registry.npmjs.org

@tyroneross/build-loop

Remote Payload: matched "curl "

Why PkgRadar flagged 0.30.3

Severity	Signal	Evidence
medium	Remote Payload	matched "curl " · package/hooks/_session_start_lib.sh

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.30.3`	Review	12	2026-06-12

Block this in CI

PkgRadar gates @tyroneross/build-loop (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @tyroneross/[email protected]