PkgRadar

npm · registry.npmjs.org

@volcengine/veplayer-plugin

Large Javascript Payload: 7569627 bytes

Why PkgRadar flagged 2.10.4-rc.4

SeveritySignalEvidence
mediumLarge Javascript Payload7569627 bytes · package/esm/index.development.js
mediumLarge Javascript Payload4454179 bytes · package/esm/index.production.js

Scanned versions

VersionVerdictScoreScanned (UTC)
2.12.0-rc.1Low risk02026-06-16
2.4.0Low risk02026-06-16
2.12.0Low risk02026-06-02
2.10.4-rc.4Review102026-05-25
2.12.0-rc.2Review102026-05-25

Block this in CI

PkgRadar gates @volcengine/veplayer-plugin (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @volcengine/[email protected]
Start free — 25 scans / moView full evidence