npm · registry.npmjs.org

passbolt-styleguide

Remote Payload: matched "curl "

Why PkgRadar flagged 5.14.0-alpha.2

Severity	Signal	Evidence
medium	Remote Payload	matched "curl " · package/ci-scripts/bin/slack-status-messages.sh
medium	Remote Dependency Spec	dependencies.react-list="github:passbolt/react-list#v0.8.18" · package.json

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`5.14.0-alpha.2`	Review	7	2026-06-12
`5.13.0`	Review	7	2026-06-09
`5.13.0-alpha.8`	Review	7	2026-06-05
`5.13.0-alpha.7`	Review	7	2026-06-04
`5.13.0-alpha.6`	Review	7	2026-05-29
`5.13.0-alpha.5`	Review	7	2026-05-28
`5.13.0-alpha.3`	Review	24	2026-05-27
`5.13.0-alpha.0`	Review	24	2026-05-27
`5.13.0-alpha.2`	Review	24	2026-05-27

Block this in CI

PkgRadar gates passbolt-styleguide (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]