PkgRadar

npm · registry.npmjs.org

@pnpm/engine.runtime.bun-resolver

Remote Payload: matched "github.com/oven-sh/bun/releases/download"

Why PkgRadar flagged 1101.1.1

SeveritySignalEvidence
mediumRemote Payloadmatched "github.com/oven-sh/bun/releases/download" · package/lib/index.js

Scanned versions

VersionVerdictScoreScanned (UTC)
1102.0.0Low risk02026-06-15
1101.1.7Low risk02026-06-11
1101.1.6Low risk02026-06-10
1101.1.5Low risk02026-06-05
1101.1.4Low risk02026-05-29
1101.1.3Low risk02026-05-27
1101.1.1Review122026-05-24
1101.1.2Review122026-05-24

Block this in CI

PkgRadar gates @pnpm/engine.runtime.bun-resolver (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @pnpm/[email protected]
Start free — 25 scans / moView full evidence