npm · registry.npmjs.org

marked-toc-extension

Remote Dependency Spec: devDependencies.@semantic-release/git="github:semantic-release/git"

Why PkgRadar flagged 3.5.0

Severity	Signal	Evidence
medium	Remote Dependency Spec	devDependencies.@semantic-release/git="github:semantic-release/git" · package.json
medium	Dependency Changed To Remote Vs Previous	devDependencies.@semantic-release/git changed to remote spec in 3.5.0 vs 3.4.0: "github:semantic-release/git" · package.json

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`3.3.0`	Low risk	0	2026-06-14
`3.4.0`	Low risk	0	2026-06-14
`3.5.0`	Review	16	2026-06-14
`3.5.1`	Review	2	2026-06-14

Block this in CI

PkgRadar gates marked-toc-extension (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]