PkgRadar

npm · registry.npmjs.org

patchcord

Remote Payload: matched "curl "

Why PkgRadar flagged 0.5.91

SeveritySignalEvidence
mediumRemote Payloadmatched "curl " · package/scripts/check-inbox.sh
mediumRemote Payloadmatched "curl " · package/scripts/codex-stop-hook.sh
mediumRemote Payloadmatched "curl " · package/scripts/kimi-stop-hook.sh
mediumRemote Payloadmatched "curl " · package/scripts/kimi-subscribe.sh
mediumRemote Payloadmatched "curl " · package/scripts/statusline.sh

Scanned versions

VersionVerdictScoreScanned (UTC)
0.5.117Low risk02026-06-15
0.5.116Low risk02026-06-15
0.5.115Low risk02026-06-13
0.5.114Low risk02026-06-12
0.5.113Low risk02026-06-12
0.5.112Low risk02026-06-12
0.5.111Low risk02026-06-12
0.5.110Low risk02026-06-12
0.5.108Low risk02026-06-11
0.5.109Low risk02026-06-11
0.5.107Low risk02026-06-11
0.5.106Low risk02026-06-11
0.5.105Low risk02026-06-11
0.5.104Low risk02026-06-11
0.5.102Low risk02026-06-11
0.5.103Low risk02026-06-11
0.5.100Low risk02026-06-11
0.5.99Low risk02026-06-11
0.5.98Low risk02026-06-11
0.5.97Low risk02026-06-11
0.5.96Low risk02026-06-11
0.5.95Low risk02026-06-10
0.5.94Low risk02026-06-09
0.5.90Low risk02026-06-09
0.5.91Review502026-05-27
0.5.92Review502026-05-27
0.5.83Review502026-05-26
0.5.84Review352026-05-26
0.5.80Review502026-05-25
0.5.79Review352026-05-25
0.5.78Review502026-05-25
0.5.76Review352026-05-25
0.5.77Review352026-05-25
0.5.72Review802026-05-24
0.5.71Review802026-05-24
0.5.70Review802026-05-24
0.5.69Review802026-05-24
0.5.68Review802026-05-24
0.5.67Review802026-05-24
0.5.66Review802026-05-24
0.5.65Review782026-05-24
0.5.64Review782026-05-24

Block this in CI

PkgRadar gates patchcord (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]
Start free — 25 scans / moView full evidence