npm · registry.npmjs.org

maestro-flow

Known Indicator Filename: package/dashboard/dist-server/dashboard/src/server/routes/execution.js

Why PkgRadar flagged 0.4.19

Severity	Signal	Evidence
high	Known Indicator Filename	package/dashboard/dist-server/dashboard/src/server/routes/execution.js · package/dashboard/dist-server/dashboard/src/server/routes/execution.js
high	Known Indicator Filename	package/dashboard/dist-server/src/server/routes/execution.js · package/dashboard/dist-server/src/server/routes/execution.js
medium	Remote Payload	matched "github.com/ryanoasis/nerd-fonts/releases/download" · package/dist/src/commands/font-guide.js
medium	Remote Payload	matched "cUrl " · package/dashboard/dist-server/dashboard/src/server/agents/gemini-a2a-adapter.js
medium	Remote Payload	matched "cUrl " · package/dashboard/dist-server/src/server/agents/gemini-a2a-adapter.js
medium	Obfuscation Density	high encoded/escaped-token density · package/dist/src/commands/hooks.js
medium	Obfuscation Density	high encoded/escaped-token density · package/dist/src/commands/spec.js

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.5.3`	Low risk	0	2026-06-17
`0.5.2`	Low risk	0	2026-06-11
`0.5.1`	Low risk	0	2026-06-10
`0.5.0`	Low risk	0	2026-06-10
`0.4.26`	Low risk	0	2026-06-08
`0.4.25`	Low risk	0	2026-06-05
`0.4.24`	Low risk	0	2026-06-01
`0.4.23`	Low risk	0	2026-05-31
`0.4.22`	Low risk	0	2026-05-31
`0.4.21`	Low risk	0	2026-05-30
`0.4.20`	Low risk	0	2026-05-30
`0.4.19`	Review	126	2026-05-25
`0.4.17`	Review	126	2026-05-24
`0.4.18`	Review	126	2026-05-24

Related campaigns

Block this in CI

PkgRadar gates maestro-flow (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]