npm · registry.npmjs.org
@vino.tian/vibe-kanban
Remote Payload: matched "github.com/${repository}/releases/download"
Why PkgRadar flagged 0.1.4419
| Severity | Signal | Evidence |
|---|---|---|
| medium | Remote Payload | matched "github.com/${repository}/releases/download" · package/bin/cli.js |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
2026.6.9-t1025 | Low risk | 0 | 2026-06-09 |
2026.6.8-t1817 | Low risk | 0 | 2026-06-08 |
0.1.4426 | Low risk | 0 | 2026-06-01 |
0.1.4425 | Low risk | 0 | 2026-05-31 |
0.1.4424 | Low risk | 0 | 2026-05-30 |
0.1.4423 | Low risk | 0 | 2026-05-29 |
0.1.4422 | Low risk | 0 | 2026-05-28 |
0.1.4421 | Low risk | 0 | 2026-05-27 |
0.1.4418 | Low risk | 0 | 2026-05-27 |
0.1.4420 | Low risk | 0 | 2026-05-27 |
0.1.4419 | Review | 12 | 2026-05-25 |
0.1.4416 | Review | 12 | 2026-05-24 |
0.1.4417 | Review | 12 | 2026-05-24 |
Block this in CI
pkgradar gate --ecosystem npm @vino.tian/[email protected]