npm · registry.npmjs.org

@wix/members-followers

Remote Dependency Spec: devDependencies.@wix/sdk="https://cdn.dev.wixpress.com/@wix/sdk/02e8069ab2fd783e0e6a080fc7d590e76cb26ab93c8389574286305b.tar.gz"

Why PkgRadar flagged 1.0.9

Severity	Signal	Evidence
medium	Remote Dependency Spec	devDependencies.@wix/sdk="https://cdn.dev.wixpress.com/@wix/sdk/02e8069ab2fd783e0e6a080fc7d590e76cb26ab93c8389574286305b.tar.gz" · package.json
medium	New Remote Dependency Vs Previous	devDependencies.@wix/sdk added in 1.0.9 vs 1.0.8: "https://cdn.dev.wixpress.com/@wix/sdk/02e8069ab2fd783e0e6a080fc7d590e76cb26ab93c8389574286305b.tar.gz" · package.json

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`1.0.9`	Review	16	2026-06-03
`1.0.8`	Low risk	0	2026-05-28

Related campaigns

wix-ci-publisher — 3 releases, max score 90

Block this in CI

PkgRadar gates @wix/members-followers (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @wix/[email protected]

Start free — 25 scans / mo View full evidence