PkgRadar

npm · registry.npmjs.org

@cleocode/brain

Manifest Codeless Dependency Stub: package ships no JS/TS source but declares 3 dependency(ies) (0 with loose/empty version specs) — dependency-confusion / install-chain loader shape

Why PkgRadar flagged 2026.6.15

| Severity | Signal | Evidence |
| --- | --- | --- |
| medium | Manifest Codeless Dependency Stub | package ships no JS/TS source but declares 3 dependency(ies) (0 with loose/empty version specs) — dependency-confusion / install-chain loader shape · package.json |

Scanned versions

| Version | Verdict | Score | Scanned (UTC) |
| --- | --- | --- | --- |
| 2026.6.18 | Low risk | 0 | 2026-06-13 |
| 2026.6.17 | Low risk | 0 | 2026-06-12 |
| 2026.6.15 | Review | 4 | 2026-06-12 |
| 2026.6.14 | Review | 4 | 2026-06-10 |
| 2026.6.13 | Review | 4 | 2026-06-09 |
| 2026.6.12 | Review | 4 | 2026-06-07 |
| 2026.6.11 | Review | 4 | 2026-06-07 |
| 2026.6.10 | Review | 4 | 2026-06-06 |
| 2026.6.9 | Review | 4 | 2026-06-06 |
| 2026.6.8 | Review | 4 | 2026-06-06 |
| 2026.6.7 | Review | 4 | 2026-06-05 |
| 2026.6.6 | Review | 4 | 2026-06-04 |
| 2026.6.5 | Review | 4 | 2026-06-04 |
| 2026.6.4 | Review | 4 | 2026-06-04 |
| 2026.6.3 | Review | 4 | 2026-06-03 |
| 2026.6.2 | Review | 4 | 2026-06-03 |
| 2026.6.1 | Review | 4 | 2026-06-03 |
| 2026.6.0 | Review | 4 | 2026-06-03 |
| 2026.5.134 | Review | 4 | 2026-05-31 |
| 2026.5.133 | Review | 4 | 2026-05-31 |
| 2026.5.132 | Review | 4 | 2026-05-31 |
| 2026.5.131 | Review | 4 | 2026-05-31 |
| 2026.5.130 | Low risk | 0 | 2026-05-30 |
| 2026.5.129 | Low risk | 0 | 2026-05-28 |
| 2026.5.128 | Low risk | 0 | 2026-05-28 |
| 2026.5.127 | Low risk | 0 | 2026-05-28 |
| 2026.5.126 | Low risk | 0 | 2026-05-27 |
| 2026.5.125 | Low risk | 0 | 2026-05-27 |
| 2026.5.123 | Low risk | 0 | 2026-05-27 |
| 2026.5.124 | Low risk | 0 | 2026-05-27 |
| 2026.5.122 | Low risk | 0 | 2026-05-25 |
| 2026.5.121 | Low risk | 0 | 2026-05-24 |
| 2026.5.120 | Low risk | 0 | 2026-05-24 |
| 2026.5.114 | Low risk | 0 | 2026-05-24 |
| 2026.5.113 | Low risk | 0 | 2026-05-24 |
| 2026.5.112 | Low risk | 0 | 2026-05-24 |
| 2026.5.111 | Low risk | 0 | 2026-05-24 |

Block this in CI

PkgRadar gates @cleocode/brain (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @cleocode/brain@<version>