PkgRadar

npm · registry.npmjs.org

loccle

Native Binary Main Entry: main/bin entry points to a compiled binary: bin entry

Why PkgRadar flagged 1.0.15

SeveritySignalEvidence
highNative Binary Main Entrymain/bin entry points to a compiled binary: bin entry · package.json

Scanned versions

VersionVerdictScoreScanned (UTC)
1.0.18Low risk02026-06-17
1.0.17Low risk02026-06-17
1.0.16Low risk02026-06-16
1.0.15High risk502026-06-11
1.0.13High risk902026-06-10
1.0.11High risk902026-06-10
1.0.14Review52026-06-09
1.0.12Review152026-06-09
0.0.0-master-202605180047Review52026-06-09
1.0.10Low risk02026-05-26
1.0.8Review52026-05-26
1.0.9Review52026-05-26

Campaign attribution

Part of the @nolimit-x binary payload campaign.

Block this in CI

PkgRadar gates loccle (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]
Start free — 25 scans / moView full evidence