PkgRadar

npm · registry.npmjs.org

social-autoposter

Remote Payload: matched "curl "

Why PkgRadar flagged 1.6.64

SeveritySignalEvidence
mediumRemote Payloadmatched "curl " · package/bin/cli.js
mediumRemote Payloadmatched "curl " · package/skill/link-edit-github.sh
mediumRemote Payloadmatched "curl " · package/skill/link-edit-moltbook.sh
mediumRemote Payloadmatched "curl " · package/skill/lock.sh
mediumRemote Payloadmatched "curl " · package/skill/prewarm-funnel.sh
mediumRemote Payloadmatched "curl " · package/skill/lib/reddit-backend.sh
mediumRemote Payloadmatched "curl " · package/skill/run-twitter-cycle.sh
mediumRemote Payloadmatched "curl " · package/skill/lib/twitter-backend.sh

Scanned versions

VersionVerdictScoreScanned (UTC)
1.6.64Review502026-06-05
1.6.63Review502026-06-05
1.6.62Review502026-06-05
1.6.61Review352026-06-05
1.6.60Review352026-06-05
1.6.59Review352026-06-05
1.6.58Review352026-06-05
1.6.57Review352026-06-05
1.6.56Review352026-06-04
1.6.54Review502026-06-04
1.6.53Review502026-06-04
1.6.52Review352026-06-04
1.6.51Review352026-06-03
1.6.49Review352026-06-03
1.6.50Review502026-06-03
1.6.47Review352026-06-03
1.6.48Review352026-06-03
1.6.46Review502026-06-03
1.6.45Review502026-06-03
1.6.44Review502026-06-03
1.6.43Review502026-06-03
1.6.42Review502026-06-03
1.6.41Review502026-06-03
1.6.39Review502026-06-03
1.6.40Review502026-06-03
1.6.38Review502026-06-03
1.6.37Review502026-06-03
1.6.36Review502026-06-03
1.6.35Review502026-06-02
1.6.33Review502026-06-02
1.6.34Review502026-06-02
1.6.27Review502026-06-02
1.6.28Review502026-06-02
1.6.19Review502026-06-02
1.6.18Review502026-06-02
1.6.16Review352026-05-27
1.6.17Review352026-05-27

Block this in CI

PkgRadar gates social-autoposter (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]
Start free — 25 scans / moView full evidence