npm · registry.npmjs.org

@vybestack/llxprt-code-lsp

Manifest Codeless Dependency Stub: package ships no JS/TS source but declares 4 dependency(ies) (0 with loose/empty version specs) — dependency-confusion / install-chain loader shape

Why PkgRadar flagged 0.9.3

Severity	Signal	Evidence
medium	Manifest Codeless Dependency Stub	package ships no JS/TS source but declares 4 dependency(ies) (0 with loose/empty version specs) — dependency-confusion / install-chain loader shape · package.json

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.9.3`	Review	15	2026-06-13
`0.10.0-nightly.260613.1adad3b34`	Review	4	2026-06-13
`0.10.0-nightly.260609.a391c4fb7`	Review	4	2026-06-09
`0.10.0-nightly.260608.b7df72962`	Review	4	2026-06-08
`0.10.0-nightly.260608.021901f4b`	Review	4	2026-06-08
`0.10.0-nightly.260608.a9c742716`	Review	4	2026-06-08
`0.10.0-nightly.260607.f5ba94e76`	Review	4	2026-06-07
`0.10.0-nightly.260607.b686a0587`	Review	4	2026-06-07
`0.10.0-nightly.260606.047cfb1c7`	Review	4	2026-06-06
`0.10.0-nightly.260605.4d903c1d6`	Review	4	2026-06-05
`0.10.0-nightly.260604.92bf45f0e`	Review	4	2026-06-04
`0.10.0-nightly.260519.2a7ec008a`	Review	15	2026-06-04
`0.10.0-nightly.260603.a914fb90e`	Review	4	2026-06-04

Block this in CI

PkgRadar gates @vybestack/llxprt-code-lsp (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @vybestack/[email protected]

Start free — 25 scans / mo View full evidence