PkgRadar

npm · registry.npmjs.org

@typescript-deploys/monaco-editor

Remote Dependency Spec: devDependencies.uncss="https://github.com/uncss/uncss.git#d0adf4bb89ef4f82006f8dd5b40d22a94269e50a"

Why PkgRadar flagged 4.6.0-dev.20211115

| Severity | Signal | Evidence |
|---|---|---|
| high | New Lifecycle Script Vs Previous | postinstall added in 4.6.0-dev.20211115 vs 4.6.0-dev.20211105: "node build/postinstall.js" · package.json |
| medium | Remote Dependency Spec | devDependencies.uncss="https://github.com/uncss/uncss.git#d0adf4bb89ef4f82006f8dd5b40d22a94269e50a" · package.json |

Scanned versions

| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
| 4.5.1-rc | Review | 2 | 2026-06-17 |
| 4.6.0-dev.20211104 | Review | 2 | 2026-06-17 |
| 4.6.0-dev.20211105 | Review | 2 | 2026-06-17 |
| 4.6.0-dev.20211115 | High risk | 53 | 2026-06-17 |

Campaign attribution

Part of the asteroiddao npm campaign.

Block this in CI

PkgRadar gates @typescript-deploys/monaco-editor (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @typescript-deploys/monaco-editor@<version>