npm · registry.npmjs.org
@kong-ui-public/sandbox-layout
Manifest Codeless Dependency Stub: package ships no JS/TS source but declares 1 dependency(ies) (0 with loose/empty version specs) — dependency-confusion / install-chain loader shape
Why PkgRadar flagged 2.4.20-pr.3427.8158493e4.0
| Severity | Signal | Evidence |
|---|---|---|
| medium | Manifest Codeless Dependency Stub | package ships no JS/TS source but declares 1 dependency(ies) (0 with loose/empty version specs) — dependency-confusion / install-chain loader shape · package.json |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
2.4.20-pr.3427.8158493e4.0 | Review | 4 | 2026-06-11 |
2.4.19-pr.3433.ac7561884.0 | Low risk | 0 | 2026-06-11 |
2.4.21 | Low risk | 0 | 2026-06-11 |
2.4.20-pr.3427.9fb2f6828.0 | Low risk | 0 | 2026-06-11 |
2.4.20 | Low risk | 0 | 2026-06-11 |
2.4.20-pr.3427.6cc7d12d7.0 | Review | 4 | 2026-06-11 |
2.4.20-pr.3427.6c3a3576f.0 | Low risk | 0 | 2026-06-11 |
2.4.19 | Low risk | 0 | 2026-06-11 |
2.4.19-pr.3433.53c6d54ea.0 | Low risk | 0 | 2026-06-11 |
2.4.19-pr.3430.a43440ebb.0 | Low risk | 0 | 2026-06-11 |
2.4.19-pr.3432.b9ce0b47b.0 | Low risk | 0 | 2026-06-11 |
2.4.18 | Low risk | 0 | 2026-06-09 |
2.4.18-pr.3399.1df23b327.0 | Low risk | 0 | 2026-06-02 |
2.4.16-pr.3374.ce2935a7a.0 | Low risk | 0 | 2026-06-02 |
2.4.18-pr.3399.a60102b91.0 | Low risk | 0 | 2026-06-01 |
2.4.16-pr.3374.531fd8d20.0 | Low risk | 0 | 2026-06-01 |
2.4.17 | Low risk | 0 | 2026-06-01 |
2.4.17-pr.3359.699076e04.0 | Low risk | 0 | 2026-06-01 |
2.4.16-pr.3375.b9741842d.0 | Low risk | 0 | 2026-05-28 |
2.4.16 | Low risk | 0 | 2026-05-28 |
2.4.15 | Low risk | 0 | 2026-05-27 |
2.4.16-pr.3365.d97891dff.0 | Low risk | 0 | 2026-05-27 |
Block this in CI
pkgradar gate --ecosystem npm @kong-ui-public/[email protected]