npm · registry.npmjs.org
@loczer/storefront-sdk
Manifest Codeless Dependency Stub: package ships no JS/TS source but declares 16 dependency(ies) (4 with loose/empty version specs) — dependency-confusion / install-chain loader shape
Why PkgRadar flagged 0.148.0
| Severity | Signal | Evidence |
|---|---|---|
| medium | Manifest Codeless Dependency Stub | package ships no JS/TS source but declares 16 dependency(ies) (4 with loose/empty version specs) — dependency-confusion / install-chain loader shape · package.json |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
0.159.0 | Low risk | 0 | 2026-06-12 |
0.158.0 | Low risk | 0 | 2026-06-12 |
0.157.0 | Low risk | 0 | 2026-06-12 |
0.156.0 | Low risk | 0 | 2026-06-12 |
0.154.0 | Low risk | 0 | 2026-06-12 |
0.155.0 | Low risk | 0 | 2026-06-12 |
0.153.0 | Low risk | 0 | 2026-06-11 |
0.152.0 | Low risk | 0 | 2026-06-11 |
0.151.0 | Low risk | 0 | 2026-06-11 |
0.150.0 | Low risk | 0 | 2026-06-10 |
0.149.0 | Low risk | 0 | 2026-06-10 |
0.148.0 | Review | 4 | 2026-06-09 |
0.147.0 | Review | 4 | 2026-06-09 |
0.145.0 | Review | 4 | 2026-06-09 |
0.146.0 | Review | 4 | 2026-06-09 |
0.144.0 | Review | 4 | 2026-06-09 |
0.143.0 | Review | 4 | 2026-06-09 |
0.142.0 | Review | 4 | 2026-06-08 |
0.141.0 | Review | 4 | 2026-06-08 |
0.140.0 | Review | 4 | 2026-06-02 |
0.139.0 | Review | 4 | 2026-06-02 |
0.138.0 | Review | 4 | 2026-06-01 |
0.137.0 | Review | 4 | 2026-06-01 |
0.136.0 | Review | 4 | 2026-05-31 |
0.135.0 | Review | 4 | 2026-05-31 |
0.134.0 | Low risk | 0 | 2026-05-30 |
0.133.0 | Low risk | 0 | 2026-05-28 |
0.132.0 | Low risk | 0 | 2026-05-28 |
0.131.0 | Low risk | 0 | 2026-05-27 |
0.130.0 | Low risk | 0 | 2026-05-26 |
0.129.0 | Low risk | 0 | 2026-05-24 |
0.128.0 | Low risk | 0 | 2026-05-24 |
0.126.0 | Low risk | 0 | 2026-05-24 |
0.127.0 | Low risk | 0 | 2026-05-24 |
Block this in CI
pkgradar gate --ecosystem npm @loczer/[email protected]