npm · registry.npmjs.org

npm2rpm

Remote Dependency Spec: dependencies.npm-remote-ls="github:dLobatog/npm-remote-ls#optional-deps-fix"

Why PkgRadar flagged 7.0.1

Severity	Signal	Evidence
medium	Remote Dependency Spec	dependencies.npm-remote-ls="github:dLobatog/npm-remote-ls#optional-deps-fix" · package.json
medium	Dependency Changed To Remote Vs Previous	dependencies.npm-remote-ls changed to remote spec in 7.0.1 vs 7.0.0: "github:dLobatog/npm-remote-ls#optional-deps-fix" · package.json

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`6.2.0`	Low risk	0	2026-06-12
`7.0.0`	Low risk	0	2026-06-12
`7.0.1`	Review	24	2026-06-12
`7.0.2`	Review	3	2026-06-12

Block this in CI

PkgRadar gates npm2rpm (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]