PkgRadar

npm · registry.npmjs.org

delimit-cli

Remote Payload: matched "curl "

Why PkgRadar flagged 4.11.1

Severity | Signal | Evidence
medium | Remote Payload | matched "curl " · package/bin/delimit-setup.js
medium | Credential file access | matched "GOOGLE_APPLICATION_CREDENTIALS" · package/gateway/ai/server.py
medium | Credential file access | matched "aws_access_key" · package/gateway/ai/backends/tools_infra.py

Scanned versions

Version | Verdict | Score | Scanned (UTC)
4.11.1 | Review | 18 | 2026-06-17
4.11.0 | Review | 18 | 2026-06-17
4.10.0 | Review | 18 | 2026-06-16
4.9.0 | Review | 18 | 2026-06-15
4.8.0 | Review | 18 | 2026-06-10
4.7.10 | Review | 18 | 2026-06-09
4.7.9 | Review | 18 | 2026-06-09
4.7.7 | Review | 18 | 2026-06-09
4.7.8 | Review | 18 | 2026-06-09
4.7.6 | Review | 18 | 2026-06-09
4.7.5 | Review | 62 | 2026-06-08
4.7.4 | Review | 62 | 2026-06-08
4.7.3 | Review | 17 | 2026-06-04
4.7.2 | Review | 17 | 2026-06-04
4.7.1 | Review | 17 | 2026-06-04
4.7.0 | Review | 57 | 2026-06-04
4.6.1 | Review | 57 | 2026-05-30
4.6.2 | Review | 57 | 2026-05-30

Block this in CI

PkgRadar gates delimit-cli (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]