npm · registry.npmjs.org
loopuman-production
Remote Payload: matched "api.telegram.org/bot"
Why PkgRadar flagged 4.0.0
| Severity | Signal | Evidence |
|---|---|---|
| medium | Remote Payload | matched "api.telegram.org/bot" · package/services/admin-alerts.js |
| medium | Remote Payload | matched "api.telegram.org/bot" · package/scheduler_competition_addition.js |
| medium | Remote Payload | matched "api.telegram.org/bot" · package/scheduler.js |
| medium | Remote Payload | matched "api.telegram.org/bot" · package/backups-20260209/whatsapp-bot.js |
| medium | Remote Payload | matched "api.telegram.org/bot" · package/backups/20260209/whatsapp-bot.js |
| medium | Remote Payload | matched "api.telegram.org/bot" · package/tmp/whatsapp-bot.js |
| medium | Remote Payload | matched "api.telegram.org/bot" · package/whatsapp-bot.js |
| medium | Remote Payload | matched "curl " · package/deploy-seo.sh |
| medium | Remote Payload | matched "curl " · package/test-everything.sh |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
4.0.0 | Review | 114 | 2026-06-09 |
4.0.2 | Review | 150 | 2026-06-09 |
Block this in CI
pkgradar gate --ecosystem npm [email protected]