PkgRadar

npm · registry.npmjs.org

next

Remote Payload: matched "github.com/FiloSottile/mkcert/releases/download"

Why PkgRadar flagged 16.3.0-canary.40

SeveritySignalEvidence
mediumRemote Payloadmatched "github.com/FiloSottile/mkcert/releases/download" · package/dist/esm/lib/mkcert.js
mediumRemote Payloadmatched "github.com/FiloSottile/mkcert/releases/download" · package/dist/lib/mkcert.js

Scanned versions

VersionVerdictScoreScanned (UTC)
16.3.0-canary.40Review72026-06-04
16.3.0-canary.39Review72026-06-03
16.3.0-canary.38Review72026-06-03
16.3.0-canary.37Review72026-06-02
16.2.7Review72026-06-01
15.5.19Review72026-06-01
14.2.35Review92026-06-01
15.5.15Review72026-06-01
15.5.18Review72026-06-01
16.2.6Review72026-05-31
16.3.0-canary.35Review72026-05-31
16.3.0-canary.36Review72026-05-31
15.1.7Review72026-05-30
16.3.0-canary.34Review72026-05-29
16.3.0-canary.33Review82026-05-29
16.3.0-canary.32Review632026-05-28
16.3.0-canary.31Review482026-05-28
16.3.0-canary.30Review482026-05-27
16.3.0-canary.28Review482026-05-26
16.3.0-canary.29Review482026-05-26

Block this in CI

PkgRadar gates next (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]
Start free — 25 scans / moView full evidence