npm · registry.npmjs.org
vibecarbon
Remote Payload: matched "curl "
Why PkgRadar flagged 0.5.1
| Severity | Signal | Evidence |
|---|---|---|
| medium | Remote Payload | matched "curl " · package/carbon/cloud-init/k3s/master-init.sh |
| medium | Remote Payload | matched "curl " · package/carbon/cloud-init/k3s/supabase-init.sh |
| medium | Remote Payload | matched "curl " · package/carbon/k8s/test-local.sh |
| medium | Remote Payload | matched "curl " · package/carbon/cloud-init/k3s/worker-init.sh |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
0.5.1 | Review | 62 | 2026-06-03 |
0.5.0 | Review | 62 | 2026-06-02 |
0.4.0 | Review | 50 | 2026-05-31 |
0.2.0 | Review | 50 | 2026-05-30 |
0.1.6 | Review | 66 | 2026-05-30 |
0.1.7 | Review | 46 | 2026-05-30 |
0.3.1 | Review | 50 | 2026-05-29 |
0.3.0 | Review | 50 | 2026-05-29 |
0.2.1 | Review | 142 | 2026-05-28 |
Block this in CI
pkgradar gate --ecosystem npm [email protected]