PkgRadar

npm · registry.npmjs.org

entro-scan

Remote Payload: matched "curl "

Why PkgRadar flagged 1.2.3

Severity | Signal | Evidence
medium | Remote Payload | matched "curl " · package/entro_scan/ai.py
medium | Credential file access | matched "GITHUB_TOKEN" · package/entro_scan/cli.py
medium | Credential file access | matched "github_token" · package/entro_scan/github.py

Scanned versions

Version | Verdict | Score | Scanned (UTC)
1.2.3 | Review | 37 | 2026-05-28
1.2.4 | Review | 37 | 2026-05-28
1.0.0 | Review | 5 | 2026-05-28
1.0.1 | Review | 5 | 2026-05-28

Block this in CI

PkgRadar gates entro-scan (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]