PkgRadar

npm · registry.npmjs.org

doc-detective

Remote Payload: matched "raw.githubusercontent.com"

Why PkgRadar flagged 4.13.0

SeveritySignalEvidence
mediumRemote Payloadmatched "raw.githubusercontent.com" · package/dist/agents/adapters/claude-code.js
mediumRemote Payloadmatched "raw.githubusercontent.com" · package/dist/agents/adapters/codex.js
mediumRemote Payloadmatched "raw.githubusercontent.com" · package/dist/agents/adapters/copilot-cli.js
mediumRemote Payloadmatched "raw.githubusercontent.com" · package/dist/agents/adapters/gemini-cli.js
mediumRemote Payloadmatched "raw.githubusercontent.com" · package/dist/agents/adapters/opencode.js
mediumRemote Payloadmatched "raw.githubusercontent.com" · package/dist/agents/adapters/qwen-code.js

Scanned versions

VersionVerdictScoreScanned (UTC)
4.13.0High risk272026-06-17
4.12.1High risk272026-06-17
4.12.0High risk272026-06-17
4.11.1High risk272026-06-16
4.11.0High risk272026-06-16
4.10.0High risk272026-06-15
4.10.0-per-run-html-report.1High risk272026-06-15
4.9.0-per-run-html-report.1High risk272026-06-15
4.9.0High risk272026-06-14
4.8.0High risk272026-06-14
4.7.0-runtime-dependency-detection.1High risk272026-06-13
4.7.0High risk272026-06-13
4.6.1High risk272026-06-11
4.0.0-beta.1Low risk02026-06-11
4.0.0-beta.1-dev.2Low risk02026-06-11
4.0.0-beta.1-dev.3Low risk02026-06-11
4.5.0High risk272026-06-11
4.6.0High risk272026-06-11
4.6.0-next.11High risk272026-06-10
4.6.0-next.10High risk272026-06-10
4.6.0-next.9High risk272026-06-10
4.6.0-next.8High risk272026-06-10
4.6.0-install-failure-log.1High risk272026-06-10
4.6.0-next.7High risk272026-06-10
4.6.0-postinstall-runtime-default.1High risk272026-06-10
4.6.0-typekeys-lazy-webdriverio.2High risk272026-06-10
4.6.0-typekeys-lazy-webdriverio.1High risk272026-06-10
4.6.0-next.6High risk272026-06-10
4.6.0-publish-manifest-before-read.2High risk272026-06-10
4.6.0-next.5High risk272026-06-10
4.6.0-publish-manifest-before-read.1High risk272026-06-10
4.6.0-next.4High risk272026-06-10
4.6.0-next.1High risk272026-06-10

Block this in CI

PkgRadar gates doc-detective (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]
Start free — 25 scans / moView full evidence