PkgRadar

npm · registry.npmjs.org

@topsort/tremor

Remote Dependency Spec: devDependencies.@semantic-release/github="github:semantic-release/github"

Why PkgRadar flagged 3.14.0

SeveritySignalEvidence
mediumRemote Dependency SpecdevDependencies.@semantic-release/github="github:semantic-release/github" · package.json
mediumRemote Dependency SpecdevDependencies.@semantic-release/npm="github:semantic-release/npm" · package.json

Scanned versions

VersionVerdictScoreScanned (UTC)
3.14.0Review162026-06-10
3.14.1Review162026-06-10
3.14.2Review162026-06-10
3.14.3Review162026-06-10

Block this in CI

PkgRadar gates @topsort/tremor (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @topsort/[email protected]
Start free — 25 scans / moView full evidence
@topsort/tremor — npm security scan | PkgRadar