PkgRadar

npm · registry.npmjs.org

@0x/monorepo-scripts

Remote Dependency Spec: dependencies.publish-release="https://github.com/0xProject/publish-release.git#3f8be1105a356527f4b362ff456d94bf9a82f2ed"

Why PkgRadar flagged 3.2.4

SeveritySignalEvidence
highRemote Dependency Specdependencies.publish-release="https://github.com/0xProject/publish-release.git#3f8be1105a356527f4b362ff456d94bf9a82f2ed" · package.json
mediumCredential file accessmatched ".npmrc" · package/lib/test_installation.js
mediumCredential file accessmatched ".npmrc" · package/src/test_installation.ts

Scanned versions

VersionVerdictScoreScanned (UTC)
3.2.4High risk162026-06-11
3.2.5High risk162026-06-11
3.2.6High risk162026-06-11
3.2.7High risk162026-06-11

Block this in CI

PkgRadar gates @0x/monorepo-scripts (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @0x/[email protected]
Start free — 25 scans / moView full evidence