npm · registry.npmjs.org
nabladown.js
Remote Payload: matched "cUrl "
Why PkgRadar flagged 4.1.4
| Severity | Signal | Evidence |
|---|---|---|
| medium | Remote Payload | matched "cUrl " · package/dist/node/Lexer.js |
| medium | Remote Payload | matched "cUrl " · package/dist/web/Lexer.js |
| medium | Remote Payload | matched "cUrl " · package/dist/node/MathRender.js |
| medium | Remote Payload | matched "cUrl " · package/dist/web/MathRender.js |
| medium | Remote Payload | matched "cUrl " · package/dist/node/Parser.js |
| medium | Remote Payload | matched "cUrl " · package/dist/web/Parser.js |
| medium | Remote Payload | matched "cUrl " · package/dist/node/Render.js |
| medium | Remote Payload | matched "cUrl " · package/dist/web/Render.js |
| medium | Remote Payload | matched "cUrl " · package/src/Utils.js |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
4.1.8 | Low risk | 0 | 2026-05-31 |
4.1.7 | Low risk | 0 | 2026-05-30 |
4.1.6 | Low risk | 0 | 2026-05-30 |
4.1.4 | Review | 50 | 2026-05-24 |
4.1.5 | Review | 50 | 2026-05-24 |
Related campaigns
- pedroth — 2 releases, max score 80
Block this in CI
pkgradar gate --ecosystem npm [email protected]