PkgRadar

npm · registry.npmjs.org

@evfrenkel/decap-cms-core

Remote Payload: matched "raw.githubusercontent.com"

Why PkgRadar flagged 3.13.0-image-conversions.6

SeveritySignalEvidence
mediumRemote Payloadmatched "raw.githubusercontent.com" · package/dist/@evfrenkel/decap-cms-core.js
mediumRemote Payloadmatched "raw.githubusercontent.com" · package/dist/decap-cms-core.js

Scanned versions

VersionVerdictScoreScanned (UTC)
3.13.0-image-conversions.6Review242026-06-06
3.13.0-image-conversions.5Review242026-06-06
3.13.0-image-conversions.2Review242026-06-06
3.13.0-image-conversions.0Review242026-06-06
3.13.0-image-conversions.1Review242026-06-06

Block this in CI

PkgRadar gates @evfrenkel/decap-cms-core (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @evfrenkel/[email protected]
Start free — 25 scans / moView full evidence