npm · registry.npmjs.org

@bondsports/calendar

Manifest Codeless Dependency Stub

Why PkgRadar flagged 3.0.15-noam

Severity	Signal	Evidence
medium	Manifest Codeless Dependency Stub	—

Showing signal labels only. Sign in to view the exact matched indicators for each finding.

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.1.8`	Low risk	0	2026-06-28
`1.2.1-yoav52`	Low risk	0	2026-06-28
`1.2.1-yoav54`	Low risk	0	2026-06-28
`3.0.15-noam`	Review	7	2026-06-28
`3.0.17`	Low risk	0	2026-06-28
`3.0.18`	Low risk	0	2026-06-28
`3.0.19`	Low risk	0	2026-06-28
`3.0.19-gitty`	Low risk	0	2026-06-28

Block this in CI

PkgRadar gates @bondsports/calendar (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @bondsports/[email protected]