PkgRadar

npm · registry.npmjs.org

rhachet-roles-ehmpathy

Remote Payload: matched "curl "

Why PkgRadar flagged 1.35.14

| Severity | Signal | Evidence |
| --- | --- | --- |
| medium | Remote Payload | matched "curl " · package/dist/domain.roles/mechanic/skills/get.package.docs.sh |
| medium | Remote Payload | matched "curl " · package/dist/domain.roles/mechanic/skills/set.package/set.package.operations.sh |

Scanned versions

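| Version | Verdict | Score | Scanned (UTC) |
| --- | --- | --- | --- |
| 1.35.14 | Review | 11 | 2026-06-13 |
| 1.35.13 | Review | 11 | 2026-06-12 |
| 1.35.12 | Review | 11 | 2026-06-01 |
| 1.35.11 | Review | 11 | 2026-05-30 |
| 1.35.10 | Review | 11 | 2026-05-29 |
| 1.35.8 | Review | 8 | 2026-05-29 |
| 1.35.9 | Review | 8 | 2026-05-29 |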

Block this in CI

PkgRadar gates rhachet-roles-ehmpathy (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]