PkgRadar

npm · registry.npmjs.org

@viniciuscarvalho/monozukuri

Remote Payload: matched "curl "

Why PkgRadar flagged 2.2.2-alpha.1

SeveritySignalEvidence
mediumRemote Payloadmatched "curl " · package/lib/run/local-model.sh

Scanned versions

VersionVerdictScoreScanned (UTC)
2.2.2-alpha.1Review172026-05-29
1.61.0Review172026-05-28
2.1.0-alpha.1Review292026-05-28

Block this in CI

PkgRadar gates @viniciuscarvalho/monozukuri (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @viniciuscarvalho/[email protected]
Start free — 25 scans / moView full evidence