PkgRadar

npm · registry.npmjs.org

@granite-js/mpack

Known Indicator Filename: package/dist/vendors/metro/src/shared/output/bundle.js

Why PkgRadar flagged 1.0.28

SeveritySignalEvidence
highKnown Indicator Filenamepackage/dist/vendors/metro/src/shared/output/bundle.js · package/dist/vendors/metro/src/shared/output/bundle.js

Scanned versions

VersionVerdictScoreScanned (UTC)
1.0.31Low risk02026-06-04
1.0.30Low risk02026-06-02
1.0.28Review132026-05-27
1.0.29Review132026-05-27

Block this in CI

PkgRadar gates @granite-js/mpack (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @granite-js/[email protected]
Start free — 25 scans / moView full evidence