Package evidence

[email protected]

Remote Payload: matched "cUrl "

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads: 378
Versions published: 156Mature · −50% score
First published: Oct 2023
Publisher: viragjain

Effective trust discount applied: −50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Review before promoting

Mixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.

Inspect tarball Add to CI gate

Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["[email protected]"],"fail_on":"review"}'

Publisherviragjain

Artifact bytes1,650,332

Previous version0.1.54

Published2026-05-21T10:26:01.908Z

SHA-256e1ee360f1a09227b34e2428caeb2b6a5317006189130b2f38ed30b994d5b6656

Why flagged

What the scanner saw

Remote Payload: matched "cUrl "

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

review

19d agoLast checked

reviewRisk

18Score

0.1.55Version

Status history (1 event)

new → available19d ago · risk review · score 18 · status changed

Evidence

Static findings

6 static · 0 from release diff · showing high-signal first.

Severity	Kind	Path	Detail	Points
medium	Remote Payload	package/lib/src/lib/api/services/doctor.js	matched "cUrl "	12
medium	Remote Payload	package/lib/src/lib/api/services/log.js	matched "cUrl "	12

Show all 6 findings (low-signal and informational)

Severity	Kind	Path	Detail	Points
medium	Remote Payload	package/lib/src/lib/api/services/doctor.js	matched "cUrl "	12
medium	Remote Payload	package/lib/src/lib/api/services/log.js	matched "cUrl "	12
low	Obfuscation	package/lib/index.esm.js	matched "\\uFEFF"	3
low	Obfuscation	package/lib/index.js	matched "\\uFEFF"	3
low	Obfuscation	package/lib/src/components/Maps/InfoWindow.js	matched "\\u00A0"	3
low	Obfuscation	package/lib/src/components/DoctorProfile/Profile.js	matched "\\u00A0"	3

Manifest

Package metadata

Scripts7

buildtsc -p tsconfig.build.json && rollup -c
devvite
eslintnode node_modules/eslint/bin/eslint "src/**/*.{ts,tsx}"
eslint:fixnpm run eslint -- --fix
eslint:wwatchexec -w src "npm run eslint"
publishtsc
startvite

Dependencies24

@reduxjs/toolkit^1.9.5
@testing-library/jest-dom^5.16.5
@testing-library/react^14.0.0
@testing-library/user-event^13.5.0
@types/jest^27.4.0
@types/node^20.2.0
@types/react18.2.6
@types/react-dom18.2.4
@types/react-geocode^0.2.1
axios^1.14.0
bootstrap^5.3.2
react>=18.0.0 <20.0.0
react-bootstrap^2.8.0
react-dom>=18.0.0 <20.0.0
react-redux^8.1.2
redux^4.2.1
redux-persist^6.0.0
redux-thunk^2.4.2
sass^1.69.7
sha256^0.2.0
swiper^12.1.3
typescript^5.6.2
utif^3.1.0
utility-types^3.10.0