npm · registry.npmjs.org
braintrust
Remote Payload: matched "cUrl "
Why PkgRadar flagged 3.17.0
| Severity | Signal | Evidence |
|---|---|---|
| high | New Lifecycle Script Vs Previous | postinstall added in 3.17.0 vs 3.16.0: "node ./scripts/install.js" · package.json |
| medium | Remote Payload | matched "cUrl " · package/dist/browser.js |
| medium | Remote Payload | matched "cUrl " · package/dist/edge-light.js |
| medium | Remote Payload | matched "cUrl " · package/dist/workerd.js |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
3.17.0 | High risk | 81 | 2026-06-10 |
3.16.0 | Review | 10 | 2026-06-03 |
3.15.0 | Review | 10 | 2026-06-01 |
3.14.0 | Review | 10 | 2026-05-29 |
3.13.0 | Review | 14 | 2026-05-28 |
3.11.0 | Low risk | 0 | 2026-05-26 |
3.12.0 | Review | 14 | 2026-05-26 |
Campaign attribution
Block this in CI
pkgradar gate --ecosystem npm [email protected]