PkgRadar

npm · registry.npmjs.org

@handsontable/js-xlsx

Remote Dependency Spec: dependencies.from-xml="git+https://github.com/handsontable/from-xml.git"

Why PkgRadar flagged 100.0.12-d0a70e4

SeveritySignalEvidence
mediumRemote Dependency Specdependencies.from-xml="git+https://github.com/handsontable/from-xml.git" · package.json

Scanned versions

VersionVerdictScoreScanned (UTC)
100.0.12-d0a70e4Review62026-06-16
100.0.13Review62026-06-16
100.0.13-7a1c458Review62026-06-16
100.0.13-ff6e7dcReview62026-06-16

Block this in CI

PkgRadar gates @handsontable/js-xlsx (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @handsontable/[email protected]
Start free — 25 scans / moView full evidence