Recommended action
Review before promotingMixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["@rh-support/[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["@rh-support/[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
Remote Payload: matched "cUrl "
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk review · score 12 · status changed
Evidence
Static findings
1 static · 0 from release diff · showing high-signal first.
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| medium | Remote Payload | package/paths.js | matched "cUrl " | 12 |
Manifest
Package metadata
Dependencies27
@babel/plugin-transform-runtime^7.15.0@babel/preset-env7.12.7@babel/preset-react^7.0.0babel-loader^9.1.2css-loader^6.8.1dotenv^6.2.0fork-ts-checker-webpack-plugin^8.0.0fs-extra^11.1.1glob^7.1.6html-webpack-injector^1.1.4html-webpack-plugin^5.5.3mini-css-extract-plugin^2.7.6null-loader^4.0.1path^0.12.7rimraf^5.0.1sass^1.79.4sass-loader^16.0.2source-map-loader^4.0.1style-loader^3.3.3thread-loader^4.0.2ts-loader^9.4.3typescript^5.3.3url^0.11.0url-loader^4.1.1webpack^5.87.0webpack-bundle-analyzer^4.9.0workbox-webpack-plugin^7.0.0