PkgRadar

npm · registry.npmjs.org

verbalcoding

Remote Payload: matched "curl "

Why PkgRadar flagged 0.2.13

SeveritySignalEvidence
highNew Lifecycle Script Vs Previouspostinstall added in 0.2.13 vs 0.2.12: "node scripts/postinstall.mjs" · package.json
mediumRemote Payloadmatched "curl " · package/run.sh

Scanned versions

VersionVerdictScoreScanned (UTC)
0.2.13High risk572026-06-10
0.2.12Review362026-05-25

Campaign attribution

Part of the asteroiddao npm campaign campaign.

Related campaigns

Block this in CI

PkgRadar gates verbalcoding (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]
Start free — 25 scans / moView full evidence
verbalcoding — npm security scan | PkgRadar