npm · registry.npmjs.org
cawdex
Remote Payload: matched "raw.githubusercontent.com"
Why PkgRadar flagged 1.35.89
| Severity | Signal | Evidence |
|---|---|---|
| medium | Remote Payload | matched "raw.githubusercontent.com" · package/dist/tools/github-repo-digest.js |
| medium | Remote Payload | matched "curl " · package/resources/terminal_bench/setup.sh |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
1.35.89 | Review | 20 | 2026-05-30 |
1.35.88 | Review | 20 | 2026-05-30 |
1.35.87 | Review | 20 | 2026-05-30 |
1.35.86 | Review | 20 | 2026-05-30 |
1.35.85 | Review | 20 | 2026-05-30 |
1.35.84 | Review | 20 | 2026-05-30 |
1.35.83 | Review | 20 | 2026-05-30 |
1.35.81 | Review | 29 | 2026-05-29 |
1.35.82 | Review | 29 | 2026-05-29 |
1.35.76 | Review | 44 | 2026-05-29 |
1.35.74 | Review | 44 | 2026-05-28 |
1.35.75 | Review | 44 | 2026-05-28 |
1.35.68 | Review | 44 | 2026-05-28 |
1.35.69 | Review | 44 | 2026-05-28 |
Block this in CI
pkgradar gate --ecosystem npm [email protected]