PkgRadar

npm · registry.npmjs.org

shennian

Remote Payload: matched "curl "

Why PkgRadar flagged 0.2.57

Severity  Signal          Evidence
medium    Remote Payload  matched "curl " · package/dist/src/agents/pi.js
medium    Remote Payload  matched "cUrl " · package/dist/src/manager/runtime.js

Scanned versions

Version  Verdict   Score  Scanned (UTC)
0.2.93   Low risk  0      2026-06-17
0.2.92   Low risk  0      2026-06-17
0.2.91   Low risk  0      2026-06-17
0.2.90   Low risk  0      2026-06-12
0.2.89   Low risk  0      2026-06-12
0.2.88   Low risk  0      2026-06-11
0.2.87   Low risk  0      2026-06-10
0.2.86   Low risk  0      2026-06-07
0.2.84   Low risk  0      2026-06-07
0.2.85   Low risk  0      2026-06-07
0.2.83   Low risk  0      2026-06-07
0.2.77   Low risk  0      2026-06-05
0.2.78   Low risk  0      2026-06-05
0.2.76   Low risk  0      2026-06-05
0.2.74   Low risk  0      2026-06-04
0.2.75   Low risk  0      2026-06-04
0.2.73   Low risk  0      2026-06-04
0.2.72   Low risk  0      2026-06-02
0.2.71   Low risk  0      2026-06-02
0.2.69   Low risk  0      2026-06-02
0.2.68   Low risk  0      2026-05-30
0.2.67   Low risk  0      2026-05-30
0.2.66   Low risk  0      2026-05-30
0.2.65   Low risk  0      2026-05-29
0.2.64   Low risk  0      2026-05-29
0.2.62   Low risk  0      2026-05-27
0.2.63   Low risk  0      2026-05-27
0.2.58   Low risk  0      2026-05-26
0.2.57   Review    24     2026-05-25
0.2.56   Review    29     2026-05-25
0.2.55   Review    54     2026-05-24
0.2.54   Review    54     2026-05-24

Block this in CI

PkgRadar gates shennian (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]