npm · registry.npmjs.org

mppx

Remote Payload: matched "cUrl "

Why PkgRadar flagged 0.6.27

Severity	Signal	Evidence
medium	Remote Payload	matched "cUrl " · package/dist/cli/cli.js
medium	Remote Payload	matched "cUrl " · package/dist/viem/Client.js
medium	Remote Payload	matched "cUrl " · package/dist/tempo/internal/defaults.js
medium	Remote Payload	matched "cUrl " · package/dist/cli/plugins/tempo.js
medium	Remote Payload	matched "cUrl " · package/dist/cli/utils.js
medium	Obfuscation Density	high encoded/escaped-token density · package/dist/cli/utils.js
medium	Remote Payload	matched "cUrl " · package/src/cli/cli.test.ts
medium	Remote Payload	matched "cUrl " · package/src/cli/cli.ts
medium	Remote Payload	matched "cUrl " · package/src/viem/Client.test.ts
medium	Remote Payload	matched "cUrl " · package/src/viem/Client.ts
medium	Remote Payload	matched "cUrl " · package/src/tempo/internal/defaults.ts
medium	Remote Payload	matched "cUrl " · package/src/client/internal/Fetch.test.ts

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.7.0`	Low risk	0	2026-06-11
`0.6.31`	Low risk	0	2026-06-11
`0.6.30`	Low risk	0	2026-06-04
`0.6.29`	Low risk	0	2026-06-02
`0.6.27`	Review	50	2026-05-24
`0.6.28`	Review	50	2026-05-24

Block this in CI

PkgRadar gates mppx (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]