npm · registry.npmjs.org
intl-tel-input
Remote Payload: matched "wget "
Why PkgRadar flagged 19.5.6
| Severity | Signal | Evidence |
|---|---|---|
| medium | Remote Payload | matched "wget " · package/third_party/libphonenumber/java/script/download-junit-jars.sh |
| medium | Remote Dependency Spec | devDependencies.region-flags="https://github.com/fonttools/region-flags/archive/refs/tags/1.2.1.tar.gz" · package.json |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
19.5.6 | Review | 6 | 2026-06-13 |
19.5.5 | Review | 6 | 2026-06-13 |
29.1.0 | Low risk | 0 | 2026-06-13 |
19.5.7 | Review | 6 | 2026-06-13 |
29.0.5 | Low risk | 0 | 2026-06-05 |
29.0.4 | Low risk | 0 | 2026-05-30 |
29.0.3 | Low risk | 0 | 2026-05-28 |
29.0.1 | Low risk | 0 | 2026-05-28 |
29.0.2 | Low risk | 0 | 2026-05-28 |
Block this in CI
pkgradar gate --ecosystem npm [email protected]