npm · registry.npmjs.org

@duckduckgo/autoconsent

Remote Payload: matched "raw.githubusercontent.com"

Why PkgRadar flagged 14.95.0

Severity	Signal	Evidence
medium	Remote Payload	matched "raw.githubusercontent.com" · package/rules/build.ts
medium	Remote Dependency Spec	devDependencies.@duckduckgo/eslint-config="github:duckduckgo/eslint-config#v0.1.0" · package.json

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`14.95.0`	Review	6	2026-06-13
`14.94.0`	Review	6	2026-06-13
`14.93.0`	Review	6	2026-06-10
`14.92.0`	Review	6	2026-06-09
`14.91.0`	Review	6	2026-06-06
`14.90.0`	Review	6	2026-06-05
`14.89.0`	Review	6	2026-06-04
`14.88.0`	Review	6	2026-06-03
`14.87.0`	Review	6	2026-06-03
`14.86.0`	Review	6	2026-06-02
`14.85.5`	Review	6	2026-06-01
`14.85.4`	Review	6	2026-05-31
`14.85.3`	Review	6	2026-05-30
`14.85.2`	Review	6	2026-05-29
`14.85.1`	Review	17	2026-05-28
`14.84.2`	Review	17	2026-05-27
`14.85.0`	Review	17	2026-05-27

Block this in CI

PkgRadar gates @duckduckgo/autoconsent (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @duckduckgo/[email protected]