npm · registry.npmjs.org
@openlist-frontend/openlist-frontend
Remote Payload: matched "raw.githubusercontent.com"
Why PkgRadar flagged 4.2.2
| Severity | Signal | Evidence |
|---|---|---|
| medium | Remote Payload | matched "raw.githubusercontent.com" · package/dist/assets/About-B8Z3nTEE.js |
| medium | Remote Payload | matched "raw.githubusercontent.com" · package/dist/lite/assets/About-BJhlrkSM.js |
| medium | Remote Payload | matched "raw.githubusercontent.com" · package/dist/assets/About-legacy-BEpxuXvI.js |
| medium | Remote Payload | matched "raw.githubusercontent.com" · package/dist/lite/assets/About-legacy-D9AdJZUt.js |
| medium | Remote Dependency Spec | dependencies.@hope-ui/solid="github:OpenListTeam/hope-ui#31b436e36ae5d266016814ba71a442ffa9d91181" · package.json |
| medium | Remote Dependency Spec | dependencies.mpegts.js="github:OpenListTeam/mpegts.js#1e51e0f6f918cf08e05dfae9c7bfcf658d6b4ac2" · package.json |
| medium | Dependency Changed To Remote Vs Previous | dependencies.@hope-ui/solid changed to remote spec in 4.2.2 vs 4.2.1: "github:OpenListTeam/hope-ui#31b436e36ae5d266016814ba71a442ffa9d91181" · package.json |
| medium | Dependency Changed To Remote Vs Previous | dependencies.mpegts.js changed to remote spec in 4.2.2 vs 4.2.1: "github:OpenListTeam/mpegts.js#1e51e0f6f918cf08e05dfae9c7bfcf658d6b4ac2" · package.json |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
4.2.2 | High risk | 96 | 2026-06-10 |
4.2.1 | Review | 43 | 2026-05-25 |
Block this in CI
pkgradar gate --ecosystem npm @openlist-frontend/[email protected]