npm · registry.npmjs.org
trellis
Remote Payload: matched "curl "
Why PkgRadar flagged 3.1.26
| Severity | Signal | Evidence |
|---|---|---|
| medium | Remote Payload | matched "curl " · package/dist/index-wt8rz4gn.js |
| medium | Obfuscation Density | high encoded/escaped-token density · package/dist/cli/index.js |
| medium | Remote Payload | matched "curl " · package/bin/trellis.mjs |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
| 1.0.2 | Low risk | 0 | 2026-06-12 |
| 3.2.3 | Low risk | 0 | 2026-06-12 |
| 3.2.2 | Low risk | 0 | 2026-06-10 |
| 1.0.1 | Low risk | 0 | 2026-06-10 |
| 1.0.4 | Low risk | 0 | 2026-06-10 |
| 1.0.6 | Low risk | 0 | 2026-06-10 |
| 3.2.0 | Low risk | 0 | 2026-06-09 |
| 3.1.35 | Low risk | 0 | 2026-05-30 |
| 3.1.34 | Low risk | 0 | 2026-05-30 |
| 3.1.33 | Low risk | 0 | 2026-05-30 |
| 3.1.31 | Low risk | 0 | 2026-05-28 |
| 3.1.30 | Low risk | 0 | 2026-05-27 |
| 3.1.26 | Review | 24 | 2026-05-24 |
| 3.1.20 | Review | 24 | 2026-05-24 |
| 3.1.15 | Review | 24 | 2026-05-24 |
| 3.1.19 | Review | 24 | 2026-05-24 |
Related campaigns
- turtle.tech — 7 releases, max score 253
Block this in CI
pkgradar gate --ecosystem npm [email protected]