PkgRadar

npm · registry.npmjs.org

@stremio/stremio-video

Remote Dependency Spec: dependencies.hls.js="https://github.com/Stremio/hls.js/releases/download/v1.5.4-patch2/hls.js-1.5.4-patch2.tgz"

Why PkgRadar flagged 0.0.78

SeveritySignalEvidence
highRemote Dependency Specdependencies.hls.js="https://github.com/Stremio/hls.js/releases/download/v1.5.4-patch2/hls.js-1.5.4-patch2.tgz" · package.json
mediumRemote Dependency Specdependencies.vtt.js="github:jaruba/vtt.js#84d33d157848407d790d78423dacc41a096294f0" · package.json

Scanned versions

VersionVerdictScoreScanned (UTC)
0.0.78Review72026-06-10
0.0.79-tizen02Review72026-06-10
0.0.79Review72026-05-26
0.0.79-tizen01Review72026-05-26

Block this in CI

PkgRadar gates @stremio/stremio-video (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @stremio/[email protected]
Start free — 25 scans / moView full evidence
@stremio/stremio-video — npm security scan | PkgRadar