PkgRadar

npm · registry.npmjs.org

@wundr.io/cli-simple

Manifest Codeless Dependency Stub: package ships no JS/TS source but declares 8 dependency(ies) (0 with loose/empty version specs) — dependency-confusion / install-chain loader shape

Why PkgRadar flagged 1.0.39

SeveritySignalEvidence
mediumManifest Codeless Dependency Stubpackage ships no JS/TS source but declares 8 dependency(ies) (0 with loose/empty version specs) — dependency-confusion / install-chain loader shape · package.json

Scanned versions

VersionVerdictScoreScanned (UTC)
1.0.39Review102026-06-12
1.0.38Review102026-06-04
1.0.37Review102026-06-04
1.0.35Review102026-06-03
1.0.36Review102026-06-03
1.0.33Review102026-06-03
1.0.34Review102026-06-03
1.0.31Review102026-06-03
1.0.30Review102026-06-03
1.0.29Review102026-06-02
1.0.28Review102026-06-01
1.0.27Review102026-06-01
1.0.25Review102026-06-01
1.0.26Review102026-06-01
1.0.23Review102026-06-01
1.0.22Review102026-06-01
1.0.21Review102026-06-01
1.0.19Review102026-06-01
1.0.18Review102026-05-31
1.0.17Review102026-05-31
1.0.16Review152026-05-31
1.0.15Review152026-05-31
1.0.14Review152026-05-31
1.0.13Low risk02026-05-31
1.0.12Low risk02026-05-31
1.0.2-dev.20260530182802.ae187324Low risk02026-05-30
1.0.2-dev.20260530180455.e1307186Low risk02026-05-30
1.0.1Low risk02026-05-30
1.0.2-dev.20260530174250.ef0ec927Low risk02026-05-30

Block this in CI

PkgRadar gates @wundr.io/cli-simple (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @wundr.io/[email protected]
Start free — 25 scans / moView full evidence