npm · registry.npmjs.org
contract.dev
Remote Payload: matched "cUrl "
Why PkgRadar flagged 0.4.0
| Severity | Signal | Evidence |
|---|---|---|
| medium | Remote Payload | matched "cUrl " · package/dist/cli/config.js |
| medium | Remote Payload | matched "cUrl " · package/dist/cli/commands/function-override.js |
| medium | Remote Payload | matched "cUrl " · package/dist/cli/commands/generate-wallet.js |
| medium | Remote Payload | matched "cUrl " · package/dist/index.js |
| medium | Remote Payload | matched "cUrl " · package/dist/cli/commands/init-workspaces.js |
| medium | Remote Payload | matched "cUrl " · package/dist/cli/commands/track.js |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
0.6.1 | Low risk | 0 | 2026-06-15 |
0.6.0 | Low risk | 0 | 2026-06-05 |
0.4.0 | Review | 50 | 2026-05-25 |
0.5.0 | Review | 50 | 2026-05-25 |
Block this in CI
pkgradar gate --ecosystem npm [email protected]