npm · registry.npmjs.org
opencode-dux
Remote Payload: matched "github.com/${REPO}/releases/download"
Why PkgRadar flagged 1.4.12
| Severity | Signal | Evidence |
|---|---|---|
| medium | Remote Payload | matched "github.com/${REPO}/releases/download" · package/dist/index.js |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
1.4.12 | Review | 12 | 2026-06-09 |
1.4.11 | Review | 12 | 2026-06-09 |
1.4.10 | Review | 12 | 2026-06-05 |
1.4.8 | Review | 12 | 2026-06-05 |
1.4.9 | Review | 12 | 2026-06-05 |
1.4.7 | Review | 12 | 2026-06-05 |
1.4.6 | Review | 12 | 2026-06-05 |
1.4.5 | Review | 12 | 2026-06-04 |
1.4.4 | Review | 12 | 2026-06-04 |
1.4.2 | Review | 12 | 2026-06-03 |
1.4.3 | Review | 12 | 2026-06-03 |
1.4.1 | Review | 12 | 2026-06-02 |
1.4.0 | Review | 12 | 2026-06-02 |
1.3.31 | Low risk | 0 | 2026-06-02 |
1.3.29 | Low risk | 0 | 2026-06-01 |
1.3.30 | Low risk | 0 | 2026-06-01 |
1.3.28 | Low risk | 0 | 2026-05-25 |
1.3.27 | Review | 48 | 2026-05-25 |
1.3.26 | Review | 48 | 2026-05-24 |
1.3.24 | Review | 48 | 2026-05-24 |
1.3.25 | Review | 48 | 2026-05-24 |
Block this in CI
pkgradar gate --ecosystem npm [email protected]