npm · registry.npmjs.org

cdk-common

Remote Payload: matched "curl "

Why PkgRadar flagged 2.1.58

Severity	Signal	Evidence
medium	Remote Payload	matched "curl " · package/node_modules/@aws-cdk/cfnspec/build-tools/update-cfnlint.sh
medium	Remote Payload	matched "curl " · package/node_modules/@aws-cdk/cfnspec/build-tools/update.sh

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`2.1.58`	Review	7	2026-06-17
`2.1.57`	Review	7	2026-06-16
`2.1.56`	Review	7	2026-06-14
`2.1.55`	Review	10	2026-05-27
`2.1.54`	Review	10	2026-05-26
`2.1.52`	Review	172	2026-05-25
`2.1.53`	Review	172	2026-05-25

Block this in CI

PkgRadar gates cdk-common (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]