PkgRadar

npm · registry.npmjs.org

qwc2

Remote Payload: matched "raw.githubusercontent.com"

Why PkgRadar flagged 2026.6.9

SeveritySignalEvidence
mediumRemote Payloadmatched "raw.githubusercontent.com" · package/utils/SearchProviders.js

Scanned versions

VersionVerdictScoreScanned (UTC)
2026.6.9Review32026-06-09
2026.6.4Review32026-06-04
2026.6.3Review32026-06-03
2026.5.28Review32026-05-28
2026.5.27Review32026-05-27
2026.5.26Review32026-05-26
2026.5.11Review32026-05-26
2026.5.25Review32026-05-26

Block this in CI

PkgRadar gates qwc2 (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]
Start free — 25 scans / moView full evidence