PkgRadar

Package evidence

@hanzogui/[email protected]

Remote Payload: matched "curl "

Recommended action

Review before promoting

Mixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@hanzogui/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@hanzogui/[email protected]"],"fail_on":"review"}'
Publisherzeekay
Artifact bytes8,469,980
Previous version3.0.6
Published2026-04-08T02:03:04.526Z
SHA-2566e04c13cf3b5a05f983d25b707b9b7737da2fb5122dabf8fea9b5328c7621125

Why flagged

What the scanner saw

Remote Payload: matched "curl "

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

review
Last checked
reviewRisk
18Score
4.3.1Version
Status history (1 event)
  1. newavailable · risk review · score 18 · status changed

Evidence

Static findings

3 static · 0 from release diff · showing high-signal first.

SeverityKindPathDetailPoints
mediumRemote Payloadpackage/run-detox.shmatched "curl "12
Show all 3 findings (low-signal and informational)
SeverityKindPathDetailPoints
mediumRemote Payloadpackage/run-detox.shmatched "curl "12
lowObfuscationpackage/.gui/gui.config.cjsmatched "\\u274C"3
lowObfuscationpackage/run-tests-parallel.tsmatched "\\x1b"3

Manifest

Package metadata

Scripts31
  • androidEXPO_NO_TELEMETRY=true expo run:android
  • detox:build:androiddetox build -c android.emu.debug
  • detox:build:iosbun run pod && detox build -c ios.sim.debug
  • detox:run:android./run-detox.sh android
  • detox:run:ios./run-detox.sh ios
  • ejectEXPO_NO_TELEMETRY=true expo eject
  • iosbun run pod && EXPO_NO_TELEMETRY=true expo run:ios
  • ios:prodbun run ios --configuration Release
  • pod./pod-install.sh
  • prod:webNODE_ENV=production webpack --json=dist/compilation-stats.json
  • screenshotnode -r esbuild-register ../../node_modules/.bin/playwright test --config ./playwright-screenshot.config.ts
  • startEXPO_NO_TELEMETRY=true expo start --dev-client --offline
  • start:androidbun run start --android
  • start:cleanwatchman watch-del-all & rm -r $TMPDIR/metro-cache & bun run start -c
  • start:extractGUI_OPTIMIZE_NATIVE_VIEWS=1 GUI_ENABLE_DYNAMIC_LOAD=1 bun run start
  • start:guitama dev
  • start:iosbun run start --ios
  • start:oneone dev
  • start:prodDISABLE_EXTRACTION=false GUI_ENABLE_DYNAMIC_LOAD=1 expo start --dev-client --offline --no-dev --minify
  • start:webDISABLE_EXTRACTION=true NODE_ENV=development webpack serve
  • start:web:extractDISABLE_EXTRACTION=false NODE_ENV=development webpack serve
  • start:web:prodNODE_ENV=production webpack serve
  • testbun run test:web && ./run-native-tests.sh
  • test:nativebun run test:native:ios && bun run test:native:maestro
  • test:native:androidbun run ../packages/native-ci/src/cli.ts test android --project-root .
  • test:native:iosbun run ../packages/native-ci/src/cli.ts test ios --project-root .
  • test:native:maestrobun run ../packages/native-ci/src/cli.ts test maestro --project-root .
  • test:webbun run-tests-parallel.ts
  • test:web:debugNODE_ENV=test node -r esbuild-register ../../node_modules/.bin/playwright test --debug
  • test:web:driverNODE_ENV=test node -r esbuild-register ../../node_modules/.bin/playwright test
  • …and 1 more.
Dependencies54
  • @dominicstop/ts-event-emitter1.1.0
  • @hanzo/gui4.3.0
  • @hanzogui/animations-css3.0.6
  • @hanzogui/animations-motion3.0.6
  • @hanzogui/animations-react-native3.0.6
  • @hanzogui/animations-reanimated3.0.6
  • @hanzogui/colors3.0.6
  • @hanzogui/config3.0.6
  • @hanzogui/constants3.0.6
  • @hanzogui/core3.0.6
  • @hanzogui/demos3.0.6
  • @hanzogui/font-inter3.0.6
  • @hanzogui/get-token3.0.6
  • @hanzogui/lucide-icons-23.0.6
  • @hanzogui/native3.0.6
  • @hanzogui/sandbox-ui3.0.6
  • @hanzogui/shorthands3.0.6
  • @hanzogui/theme3.0.6
  • @hanzogui/themes3.0.6
  • @hanzogui/web3.0.6
  • @react-native-async-storage/async-storage2.2.0
  • @react-native-menu/menu^2.0.0
  • @react-navigation/native^7.0.14
  • @react-navigation/native-stack^7.2.0
  • @shopify/restyle^2.4.4
  • burnt^0.12.2
  • expo~55.0.6
  • expo-constants~55.0.7
  • expo-document-picker~55.0.8
  • expo-font~55.0.4
  • …and 24 more.