Recommended action
Review before promotingMixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["@aztec/[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["@aztec/[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
Remote Payload: matched "cUrl "
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk review · score 72 · status changed
Evidence
Static findings
21 static · 0 from release diff · showing high-signal first.
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| medium | Remote Payload | package/l1-contracts/scripts/forge_broadcast.js | matched "cUrl " | 12 |
Show all 21 findings (low-signal and informational)
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| medium | Remote Payload | package/l1-contracts/scripts/forge_broadcast.js | matched "cUrl " | 12 |
| low | Obfuscation | package/l1-contracts/out/CoinIssuer.sol/CoinIssuer.json | matched "\\u00d7" | 3 |
| low | Obfuscation | package/l1-contracts/out/EmpireBase.sol/EmpireBase.json | matched "\\u2264" | 3 |
| low | Obfuscation | package/l1-contracts/out/ERC20.sol/ERC20.json | matched "\\u2019" | 3 |
| low | Obfuscation | package/l1-contracts/out/candidateExit.t.sol/EscapeHatchCandidateExitTest.json | matched "\\u2192" | 3 |
| low | Obfuscation | package/l1-contracts/out/checkpointPruned.t.sol/EscapeHatchCheckpointPrunedTest.json | matched "\\u251c" | 3 |
| low | Obfuscation | package/l1-contracts/out/failedToPropose.t.sol/EscapeHatchFailedToProposeTest.json | matched "\\u251c" | 3 |
| low | Obfuscation | package/l1-contracts/out/governanceSignaling.t.sol/EscapeHatchGovernanceSignalingTest.json | matched "\\u251c" | 3 |
| low | Obfuscation | package/l1-contracts/out/happyPath.t.sol/EscapeHatchHappyPathTest.json | matched "\\u251c" | 3 |
| low | Obfuscation | package/l1-contracts/out/multipleCandidates.t.sol/EscapeHatchMultipleCandidatesTest.json | matched "\\u251c" | 3 |
| low | Obfuscation | package/l1-contracts/out/noCandidates.t.sol/EscapeHatchNoCandidatesTest.json | matched "\\u251c" | 3 |
| low | Obfuscation | package/l1-contracts/out/proofsNotSubmitted.t.sol/EscapeHatchProofsNotSubmittedTest.json | matched "\\u251c" | 3 |
| low | Obfuscation | package/l1-contracts/out/Governance.sol/Governance.json | matched "\\u2192" | 3 |
| low | Obfuscation | package/l1-contracts/out/draft-IERC6093.sol/IERC1155Errors.json | matched "\\u2019" | 3 |
| low | Obfuscation | package/l1-contracts/out/draft-IERC6093.sol/IERC20Errors.json | matched "\\u2019" | 3 |
| low | Obfuscation | package/l1-contracts/out/draft-IERC6093.sol/IERC721Errors.json | matched "\\u2019" | 3 |
| low | Obfuscation | package/l1-contracts/out/tmnt331.t.sol/OddERC20.json | matched "\\u2019" | 3 |
| low | Obfuscation | package/l1-contracts/out/ProposalLib.sol/ProposalLib.json | matched "\\u2265" | 3 |
| low | Obfuscation | package/l1-contracts/out/TestERC20.sol/TestERC20.json | matched "\\u2019" | 3 |
| low | Obfuscation | package/l1-contracts/out/TestGov.sol/TestGov.json | matched "\\u2192" | 3 |
| low | Obfuscation | package/l1-contracts/out/Vm.sol/Vm.json | matched "\\u222a" | 3 |
Manifest
Package metadata
Scripts7
buildyarn clean && yarn generate && ../scripts/tsc.shcleanrm -rf ./dest ./generated .tsbuildinfocopy-artifactsbash scripts/copy-foundry-artifacts.shformattingrun -T prettier --check ./generated && run -T eslint ./generatedformatting:fixrun -T prettier -w ./generatedgenerateyarn copy-artifacts && yarn generate:l1-contractsgenerate:l1-contractsbash scripts/generate-artifacts.sh
Dependencies1
tslib^2.4.0