PkgRadar

npm · registry.npmjs.org

date-holidays

Remote Dependency Spec: devDependencies.@mocha/contributors="git+https://github.com/commenthol/contributors.git#semver:1.1.0-0"

Why PkgRadar flagged 3.30.1

SeveritySignalEvidence
mediumRemote Dependency SpecdevDependencies.@mocha/contributors="git+https://github.com/commenthol/contributors.git#semver:1.1.0-0" · package.json

Scanned versions

VersionVerdictScoreScanned (UTC)
3.30.1Review22026-05-26
3.30.2Review22026-05-26

Block this in CI

PkgRadar gates date-holidays (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]
Start free — 25 scans / moView full evidence