npm · registry.npmjs.org

binary-collections

Remote Dependency Spec: dependencies.cross-spawn="https://github.com/dimaslanjaka/node-cross-spawn/raw/78b09a1f799430fb251c1b438ec56ce7957674f4/release/cross-spawn.tgz"

Why PkgRadar flagged 2.0.14

Severity	Signal	Evidence
high	Remote Dependency Spec	dependencies.cross-spawn="https://github.com/dimaslanjaka/node-cross-spawn/raw/78b09a1f799430fb251c1b438ec56ce7957674f4/release/cross-spawn.tgz" · package.json
high	Remote Dependency Spec	dependencies.git-command-helper="https://github.com/dimaslanjaka/git-command-helper/raw/ed17f70eb7444d24bd8eb984a4afe9fd64652838/release/git-command-helper.tgz" · package.json
high	Remote Dependency Spec	dependencies.sbg-utility="https://github.com/dimaslanjaka/static-blog-generator/raw/44e5c7b79b4e60f8c2d34857c27b8ce677d7493e/packages/sbg-utility/release/sbg-utility.tgz" · package.json

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`2.0.14`	High risk	25	2026-06-03
`2.0.13`	High risk	72	2026-06-03
`2.0.12`	High risk	45	2026-06-03
`2.0.11`	Review	35	2026-05-26

Related campaigns

dimaslanjaka — 3 releases, max score 72

Block this in CI

PkgRadar gates binary-collections (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]

Start free — 25 scans / mo View full evidence