npm · registry.npmjs.org

@vscode/common-python-lsp

Remote Dependency Spec: dependencies.@vscode/python-environments="https://pkgs.dev.azure.com/azure-public/vside/_packaging/msft_consumption/npm/registry/@vscode/python-environments/-/python-environments-1.0.0.tgz"

Why PkgRadar flagged 0.5.1

Severity	Signal	Evidence
high	Remote Dependency Spec	dependencies.@vscode/python-environments="https://pkgs.dev.azure.com/azure-public/vside/_packaging/msft_consumption/npm/registry/@vscode/python-environments/-/python-environments-1.0.0.tgz" · package.json

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.5.1`	High risk	12	2026-06-05
`0.5.2`	High risk	12	2026-06-05

Block this in CI

PkgRadar gates @vscode/common-python-lsp (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @vscode/[email protected]

Start free — 25 scans / mo View full evidence