npm · registry.npmjs.org
@everymatrix/ufe-conf
Manifest Codeless Dependency Stub: package ships no JS/TS source but declares 21 dependency(ies) (0 with loose/empty version specs) — dependency-confusion / install-chain loader shape
Why PkgRadar flagged 0.1.3
| Severity | Signal | Evidence |
|---|---|---|
| medium | Manifest Codeless Dependency Stub | package ships no JS/TS source but declares 21 dependency(ies) (0 with loose/empty version specs) — dependency-confusion / install-chain loader shape · package.json |
| high | Remote Dependency Spec | dependencies.sass-lint="https://github.com/sasstools/sass-lint/#84868a1b08b5dcacce271a38730eda6924de7c24" · package.json |
| high | New Remote Dependency Vs Previous | dependencies.sass-lint added in 0.1.3 vs 0.1.2: "https://github.com/sasstools/sass-lint/#84868a1b08b5dcacce271a38730eda6924de7c24" · package.json |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
0.1.0 | Low risk | 0 | 2026-06-11 |
0.1.1 | Low risk | 0 | 2026-06-11 |
0.1.2 | Low risk | 0 | 2026-06-11 |
0.1.3 | High risk | 39 | 2026-06-11 |
Block this in CI
pkgradar gate --ecosystem npm @everymatrix/[email protected]