PkgRadar

npm · registry.npmjs.org

@codecademy/gamut-kit

Manifest Codeless Dependency Stub: package ships no JS/TS source but declares 8 dependency(ies) (0 with loose/empty version specs) — dependency-confusion / install-chain loader shape

Why PkgRadar flagged 2.0.1-alpha.2b0636.0

SeveritySignalEvidence
mediumManifest Codeless Dependency Stubpackage ships no JS/TS source but declares 8 dependency(ies) (0 with loose/empty version specs) — dependency-confusion / install-chain loader shape · package.json

Scanned versions

VersionVerdictScoreScanned (UTC)
2.0.1-alpha.2b0636.0Review42026-06-12
2.0.1-alpha.3a43b4.0Review42026-06-12
2.0.1-alpha.884c7d.0Review42026-06-10
2.0.0Review42026-06-10
2.0.1-alpha.c0c413.0Review42026-06-10
2.0.1-alpha.a03130.0Review42026-06-09
2.0.1-alpha.da9943.0Review42026-06-09
2.0.1-alpha.7bd0dc.0Review42026-06-08
2.0.1-alpha.3e5458.0Review42026-06-08
2.0.1-alpha.4a61f4.0Review42026-06-08
2.0.1-alpha.7d89cc.0Review42026-06-05
2.0.1-alpha.f8768f.0Review42026-06-05
2.0.1-alpha.27f621.0Review42026-06-05
2.0.1-alpha.2135a1.0Review42026-06-04
2.0.1-alpha.fd68e3.0Review42026-06-04
1.0.1-alpha.a0c1de.0Review42026-06-03
1.0.1-alpha.a2dd9b.0Review42026-06-03
0.6.598-alpha.feccd8.0Review42026-06-03
1.0.1-alpha.993599.0Review42026-06-01
1.0.1-alpha.5a599b.0Review42026-06-01
0.6.604-alpha.c9d73c.0Review42026-06-01
0.6.604-beta.pr3339.26761808883.0Review42026-06-01
0.6.603-alpha.506379.0Low risk02026-05-29
0.6.603-alpha.3fff46.0Low risk02026-05-29
0.6.602-alpha.1ea5a8.0Low risk02026-05-28
0.6.602Low risk02026-05-28
0.6.601-alpha.57e1cd.0Low risk02026-05-28
0.6.601-alpha.d1603c.0Low risk02026-05-27
0.6.601Low risk02026-05-27
0.6.600-alpha.d829f9.0Low risk02026-05-26
0.6.600Low risk02026-05-26

Block this in CI

PkgRadar gates @codecademy/gamut-kit (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @codecademy/[email protected]
Start free — 25 scans / moView full evidence