PkgRadar

Package evidence

@okki-aireach/[email protected]

Remote Payload: matched "cUrl "

Recommended action

Review before promoting

Mixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@okki-aireach/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@okki-aireach/[email protected]"],"fail_on":"review"}'
Publisherokkiops
Artifact bytes38,388
Previous version0.1.1
Published2026-05-14T10:43:44.237Z
SHA-2568676bafa1b28ac77c7d3c6368cb400300e5c29e913fc3f8598b11058688fc725

Why flagged

What the scanner saw

Remote Payload: matched "cUrl "

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

review
Last checked
reviewRisk
12Score
0.1.2Version
Status history (1 event)
  1. newavailable · risk review · score 12 · status changed

Evidence

Static findings

1 static · 0 from release diff · showing high-signal first.

SeverityKindPathDetailPoints
mediumRemote Payloadpackage/dist/index.jsmatched "cUrl "12

Manifest

Package metadata

Scripts19
  • buildtsc -b
  • build:allbun run sync:crm-exported-tooling && bun run build && bun run test:go && bun run build:go && bun run build:go:matrix && bun run bundle:single-file && bun run bundle:native && bun run bundle:native:matrix && bun run prepare:platform-packages
  • build:gomkdir -p dist && go build -o ./dist/aireach-cli-go .
  • build:go:linux-arm64mkdir -p dist && GOOS=linux GOARCH=arm64 CGO_ENABLED=0 go build -o ./dist/aireach-cli-go-linux-arm64 .
  • build:go:linux-x64mkdir -p dist && GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o ./dist/aireach-cli-go-linux-x64 .
  • build:go:matrixnode ./scripts/build-go-matrix.mjs
  • build:npmbun run embed:scenes && bun run build
  • build:platformsbun run test:go && bun run build:go:matrix && bun run prepare:platform-packages
  • build:publishbun run build:npm && bun run build:platforms
  • bundle:nativemkdir -p dist && bun build --compile ./src/index.ts --outfile ./dist/aireach-cli.native
  • bundle:native:matrixnode ./scripts/build-native-matrix.mjs
  • bundle:releasenode ./scripts/build-release.mjs
  • bundle:single-filemkdir -p dist && bun build ./src/index.ts --target=node --outfile ./dist/aireach-cli.single.js && chmod +x ./dist/aireach-cli.single.js
  • embed:scenesnode ./scripts/embed-scenes.mjs
  • prepackbun run build:npm
  • prepare:platform-packagesnode ./scripts/prepare-platform-packages.mjs
  • sync:crm-exported-toolingnode ./scripts/sync-crm-exported-tooling.mjs
  • test:gogo test ./...
  • typechecktsc -b --pretty false
Optional dependencies6
  • @okki-aireach/aireach-cli-darwin-arm640.1.2
  • @okki-aireach/aireach-cli-darwin-x640.1.2
  • @okki-aireach/aireach-cli-linux-arm640.1.2
  • @okki-aireach/aireach-cli-linux-x640.1.2
  • @okki-aireach/aireach-cli-windows-ia320.1.2
  • @okki-aireach/aireach-cli-windows-x640.1.2