npm · registry.npmjs.org

hermes-native-bridge

Remote Payload: matched "curl "

Why PkgRadar flagged 0.1.13

Severity	Signal	Evidence
medium	Remote Payload	matched "curl " · package/script/bridge_ctl.sh
medium	Remote Payload	matched "curl " · package/script/ensure_bridge.sh
medium	Remote Payload	matched "curl " · package/script/setup_bridge_env.sh

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.1.13`	Review	36	2026-06-06
`0.1.12`	Review	36	2026-06-06
`0.1.11`	Review	36	2026-06-04
`0.1.8`	Review	36	2026-06-04
`0.1.7`	Review	36	2026-06-04
`0.1.6`	Review	36	2026-06-03
`0.1.5`	Review	36	2026-06-03
`0.1.3`	Review	36	2026-06-03
`0.1.4`	Review	36	2026-06-03
`0.1.0`	Review	36	2026-06-03

Block this in CI

PkgRadar gates hermes-native-bridge (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]