PkgRadar

npm · registry.npmjs.org

livepilot

Remote Payload: matched "curl "

Why PkgRadar flagged 1.26.0

SeveritySignalEvidence
mediumRemote Payloadmatched "curl " · package/bin/livepilot.js
mediumObfuscation Densityhigh encoded/escaped-token density · package/mcp_server/atlas/device_techniques_index.json
mediumObfuscation Densityhigh encoded/escaped-token density · package/mcp_server/splice_client/protos/app_pb2.py

Scanned versions

VersionVerdictScoreScanned (UTC)
1.26.2Low risk02026-05-27
1.26.0Review122026-05-24
1.26.1Review122026-05-24

Related campaigns

Block this in CI

PkgRadar gates livepilot (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]
Start free — 25 scans / moView full evidence