PkgRadar

npm · registry.npmjs.org

viem

Remote Payload: matched "cUrl "

Why PkgRadar flagged 2.50.4

SeveritySignalEvidence
mediumRemote Payloadmatched "cUrl " · package/_cjs/actions/index.js
mediumRemote Payloadmatched "cUrl " · package/_esm/actions/index.js
mediumObfuscation Densityhigh encoded/escaped-token density · package/_esm/account-abstraction/actions/bundler/prepareUserOperation.js
mediumRemote Payloadmatched "cUrl " · package/_cjs/actions/test/reset.js
mediumRemote Payloadmatched "cUrl " · package/_esm/actions/test/reset.js
mediumRemote Payloadmatched "cUrl " · package/_cjs/actions/test/setRpcUrl.js
mediumRemote Payloadmatched "cUrl\n " · package/_esm/actions/test/setRpcUrl.js
mediumRemote Payloadmatched "cUrl " · package/_esm/clients/decorators/test.js
mediumRemote Payloadmatched "cUrl " · package/_cjs/tempo/zones/zone.js
mediumRemote Payloadmatched "cUrl " · package/_esm/tempo/zones/zone.js
mediumObfuscation Densityhigh encoded/escaped-token density · package/trusted-setups/mainnet.json
mediumObfuscation Densityhigh encoded/escaped-token density · package/trusted-setups/minimal.json

Scanned versions

VersionVerdictScoreScanned (UTC)
2.52.2Low risk02026-06-04
2.52.0Low risk02026-06-01
2.51.3Low risk02026-05-28
2.51.2Low risk02026-05-27
2.50.4Review502026-05-25
2.51.0Review502026-05-25

Block this in CI

PkgRadar gates viem (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]
Start free — 25 scans / moView full evidence
viem — npm security scan | PkgRadar