npm · registry.npmjs.org

@classcad/skill

Remote Dependency Spec: devDependencies.@classcad/api-js="https://awvstatic.com/classcad/download/release/21.0.0/classcad-api-js-21.0.0.tgz"

Why PkgRadar flagged 0.0.2

Severity	Signal	Evidence
medium	Remote Dependency Spec	devDependencies.@classcad/api-js="https://awvstatic.com/classcad/download/release/21.0.0/classcad-api-js-21.0.0.tgz" · package.json
medium	New Remote Dependency Vs Previous	devDependencies.@classcad/api-js added in 0.0.2 vs 0.0.1: "https://awvstatic.com/classcad/download/release/21.0.0/classcad-api-js-21.0.0.tgz" · package.json

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.0.1`	Low risk	0	2026-06-12
`0.0.2`	Review	16	2026-06-12

Block this in CI

PkgRadar gates @classcad/skill (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @classcad/[email protected]