PkgRadar

npm · registry.npmjs.org

@lansisdev/gh-createpr

Remote Payload

Why PkgRadar flagged 1.4.4

SeveritySignalEvidence
mediumRemote Payloadpackage/dist/github.js

Showing signal labels only. Sign in to view the exact matched indicators for each finding.

Scanned versions

VersionVerdictScoreScanned (UTC)
1.4.4Review122026-06-21
1.4.6Review122026-06-21
1.4.7Review122026-06-21
1.4.8Review122026-06-21

Block this in CI

PkgRadar gates @lansisdev/gh-createpr (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @lansisdev/[email protected]
Start free — 25 scans / moView full evidence