npm · registry.npmjs.org
notfair-cmo
Remote Payload: matched "github.com/FiloSottile/mkcert/releases/download"
Why PkgRadar flagged 0.7.0
| Severity | Signal | Evidence |
|---|---|---|
| medium | Remote Payload | matched "github.com/FiloSottile/mkcert/releases/download" · package/.next/standalone/node_modules/.pnpm/[email protected]_@[email protected]_@[email protected][email protected][email protected][email protected]/node_modules/next/dist/lib/mkcert.js |
| medium | Remote Payload | matched "github.com/FiloSottile/mkcert/releases/download" · package/.next/standalone/node_modules/next/dist/lib/mkcert.js |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
0.7.0 | Review | 24 | 2026-06-06 |
0.6.0 | Review | 24 | 2026-06-06 |
0.4.0 | Review | 24 | 2026-06-01 |
0.3.0 | Review | 24 | 2026-06-01 |
0.1.0 | Review | 110 | 2026-05-28 |
Block this in CI
pkgradar gate --ecosystem npm [email protected]