npm · registry.npmjs.org

@selfxyz/common

Remote Dependency Spec: dependencies.@anon-aadhaar/core="https://gitpkg.vercel.app/selfxyz/anon-aadhaar/packages/core?1b9efa501cff3cf25dc260b060bf611229e316a4"

Why PkgRadar flagged 0.0.8

Severity	Signal	Evidence
high	Remote Dependency Spec	dependencies.@anon-aadhaar/core="https://gitpkg.vercel.app/selfxyz/anon-aadhaar/packages/core?1b9efa501cff3cf25dc260b060bf611229e316a4" · package.json
medium	Remote Dependency Spec	dependencies.node-forge="github:remicolin/forge#17a11a632dd0e50343b3b8393245a2696f78afbb" · package.json
high	New Remote Dependency Vs Previous	dependencies.@anon-aadhaar/core added in 0.0.8 vs 0.0.7: "https://gitpkg.vercel.app/selfxyz/anon-aadhaar/packages/core?1b9efa501cff3cf25dc260b060bf611229e316a4" · package.json

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.0.8`	High risk	36	2026-06-10
`0.0.9`	Review	12	2026-06-02

Block this in CI

PkgRadar gates @selfxyz/common (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @selfxyz/[email protected]

Start free — 25 scans / mo View full evidence