npm · registry.npmjs.org
alchemylab-opencode
Remote Payload: matched "github.com/BurntSushi/ripgrep/releases/download"
Why PkgRadar flagged 1.0.16
| Severity | Signal | Evidence |
|---|---|---|
| medium | Remote Payload | matched "github.com/BurntSushi/ripgrep/releases/download" · package/dist/chunk-5JK6OKSA.js |
| medium | Remote Payload | matched "github.com/BurntSushi/ripgrep/releases/download" · package/dist/chunk-F4FEYYJN.js |
| medium | Remote Payload | matched "github.com/BurntSushi/ripgrep/releases/download" · package/dist/chunk-GNXOGOVC.js |
| medium | Remote Payload | matched "github.com/BurntSushi/ripgrep/releases/download" · package/dist/chunk-L3MXQ7IO.js |
| medium | Remote Payload | matched "github.com/BurntSushi/ripgrep/releases/download" · package/dist/chunk-LFWHPFNU.js |
| medium | Remote Payload | matched "github.com/BurntSushi/ripgrep/releases/download" · package/dist/chunk-MMTZESVG.js |
| medium | Remote Payload | matched "github.com/BurntSushi/ripgrep/releases/download" · package/dist/chunk-QBFXKT25.js |
| medium | Remote Payload | matched "github.com/BurntSushi/ripgrep/releases/download" · package/dist/chunk-TREWRWAQ.js |
| medium | Remote Payload | matched "github.com/BurntSushi/ripgrep/releases/download" · package/dist/chunk-UKQIL5XA.js |
| medium | Remote Payload | matched "github.com/BurntSushi/ripgrep/releases/download" · package/dist/chunk-W7LNDS5C.js |
| medium | Remote Payload | matched "github.com/BurntSushi/ripgrep/releases/download" · package/dist/chunk-YRSS72CF.js |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
1.0.16 | Review | 100 | 2026-05-28 |
1.0.17 | Review | 100 | 2026-05-28 |
Block this in CI
pkgradar gate --ecosystem npm [email protected]