npm · registry.npmjs.org

bonree-design-plus

Remote Dependency Spec: devDependencies.bonree-design="http://10.241.150.42:8081/nexus/repository/npmhosted/bonree-design/-/bonree-design-4.0.0-26.tgz"

Why PkgRadar flagged 5.0.0

Severity	Signal	Evidence
medium	Remote Dependency Spec	devDependencies.bonree-design="http://10.241.150.42:8081/nexus/repository/npmhosted/bonree-design/-/bonree-design-4.0.0-26.tgz" · package.json
medium	Dependency Changed To Remote Vs Previous	devDependencies.bonree-design changed to remote spec in 5.0.0 vs 4.3.20: "http://10.241.150.42:8081/nexus/repository/npmhosted/bonree-design/-/bonree-design-4.0.0-26.tgz" · package.json

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`4.3.20`	Low risk	0	2026-06-09
`5.0.0`	Review	16	2026-06-09
`5.0.1`	Review	4	2026-06-09
`5.0.2`	Review	4	2026-06-09

Block this in CI

PkgRadar gates bonree-design-plus (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]

Start free — 25 scans / mo View full evidence