PkgRadar

npm · registry.npmjs.org

mox-cli

Remote Payload: matched "CURL "

Why PkgRadar flagged 8.0.1

SeveritySignalEvidence
mediumRemote Payloadmatched "CURL " · package/src/lib/core.sh
mediumRemote Payloadmatched "curl " · package/src/lib/lyrics.sh
mediumRemote Payloadmatched "curl " · package/src/lib/queue.sh
mediumRemote Payloadmatched "curl " · package/src/lib/search.sh

Scanned versions

VersionVerdictScoreScanned (UTC)
8.0.1High risk532026-06-06
7.2.2Review172026-06-06
8.0.0High risk532026-06-06

Block this in CI

PkgRadar gates mox-cli (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]
Start free — 25 scans / moView full evidence
mox-cli — npm security scan | PkgRadar