PkgRadar

Pub (Dart) · pub.dev

pdf_manipulator

Dart Process Http Combo: Process spawn paired with HTTP fetch — typical fetch-and-run shape.

Why PkgRadar flagged 2.0.1

SeveritySignalEvidence
mediumDart Process Http ComboProcess spawn paired with HTTP fetch — typical fetch-and-run shape. · lib/src/hook/resolver.dart
mediumDart Process Base64 ComboProcess spawn paired with base64Decode — possible obfuscated payload. · tool/generate_fixtures.dart
mediumRemote Payloadmatched "github.com/$_repo/releases/download" · hook/build.dart

Scanned versions

VersionVerdictScoreScanned (UTC)
2.0.1Review482026-06-15
2.0.1-dev.0Review482026-06-15
2.0.0Review482026-06-14
2.0.0-dev.0Review482026-06-14
1.0.6Review302026-06-09
1.0.6-dev.0Review302026-06-09
1.0.5Review302026-06-05
1.0.5-dev.0Review302026-06-05
1.0.4-dev.0Review302026-06-05
1.0.4Review302026-06-05
1.0.3Review422026-06-05
1.0.3-dev.0Review422026-06-05
1.0.2Review422026-06-05
1.0.2-dev.0Review422026-06-05
1.0.1Review422026-06-05
1.0.0Review422026-06-03
1.0.0-dev.0Review422026-06-03

Block this in CI

PkgRadar gates pdf_manipulator (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pub [email protected]
Start free — 25 scans / moView full evidence