PkgRadar

npm · registry.npmjs.org

promptbook

Manifest Codeless Dependency Stub: package ships no JS/TS source but declares 28 dependency(ies) (0 with loose/empty version specs) — dependency-confusion / install-chain loader shape

Why PkgRadar flagged 0.112.0-117

SeveritySignalEvidence
mediumManifest Codeless Dependency Stubpackage ships no JS/TS source but declares 28 dependency(ies) (0 with loose/empty version specs) — dependency-confusion / install-chain loader shape · package.json

Scanned versions

VersionVerdictScoreScanned (UTC)
0.112.0-117Review72026-06-15
0.112.0-115Review72026-06-13
0.112.0-114Review72026-06-13
0.112.0-113Review72026-06-12
0.112.0-112Review72026-06-11
0.112.0-110Review72026-06-09
0.112.0-111Review72026-06-09
0.112.0-109Review72026-06-08
0.112.0-108Review72026-06-07
0.112.0-107Review72026-06-07
0.112.0-106Review72026-06-06
0.112.0-105Review72026-06-05
0.112.0-103Review72026-06-04
0.112.0-104Review72026-06-04
0.112.0-102Review72026-06-03
0.112.0-100Review72026-05-31
0.112.0-99Review72026-05-31
0.112.0-98Low risk02026-05-31
0.112.0-97Low risk02026-05-29
0.112.0-96Low risk02026-05-27
0.112.0-95Low risk02026-05-27
0.112.0-93Low risk02026-05-26
0.112.0-92Low risk02026-05-25
0.112.0-91Low risk02026-05-25
0.112.0-90Low risk02026-05-25
0.112.0-89Low risk02026-05-25
0.112.0-88Low risk02026-05-25
0.112.0-87Low risk02026-05-25
0.112.0-73Low risk02026-05-24
0.112.0-82Low risk02026-05-24

Block this in CI

PkgRadar gates promptbook (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]
Start free — 25 scans / moView full evidence