npm · registry.npmjs.org
useful-source-codes
Remote Payload: matched "wget "
Why PkgRadar flagged 1.0.3
| Severity | Signal | Evidence |
|---|---|---|
| medium | Remote Payload | matched "wget " · package/srcs/picom-13/.github/workflows/codeql-analysis.yml |
| medium | Remote Payload | matched "curl " · package/srcs/picom-13/.circleci/config.yml |
| medium | Remote Payload | matched "wget " · package/srcs/flameshot-13.3.0/.github/workflows/Linux-pack.yml |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
1.0.3 | Review | 36 | 2026-05-27 |
1.0.1 | Review | 27 | 2026-05-26 |
1.0.2 | Review | 24 | 2026-05-26 |
Block this in CI
pkgradar gate --ecosystem npm [email protected]