npm · registry.npmjs.org

crypto-quant-signal-mcp

Remote Payload: matched "api.telegram.org/bot"

Why PkgRadar flagged 1.19.1

Severity	Signal	Evidence
medium	Remote Payload	matched "api.telegram.org/bot" · package/dist/lib/telegram.js

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`1.19.1`	Review	17	2026-06-04
`1.20.0`	Review	17	2026-06-04
`1.19.0`	Review	17	2026-05-30
`1.18.1`	Low risk	0	2026-05-25
`1.18.2`	Low risk	0	2026-05-25

Block this in CI

PkgRadar gates crypto-quant-signal-mcp (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]