npm · registry.npmjs.org
putout
Remote Dependency Spec: dependencies.recast="https://github.com/coderaiser/recast/archive/v0.18.2-fix.tar.gz"
Why PkgRadar flagged 5.3.0
| Severity | Signal | Evidence |
|---|---|---|
| high | Remote Dependency Spec | dependencies.recast="https://github.com/coderaiser/recast/archive/v0.18.2-fix.tar.gz" · package.json |
| high | Dependency Changed To Remote Vs Previous | dependencies.recast changed to remote spec in 5.3.0 vs 5.2.1: "https://github.com/coderaiser/recast/archive/v0.18.2-fix.tar.gz" · package.json |
| medium | Remote Dependency Spec | devDependencies.async-await-codemod="https://github.com/sgilroy/async-await-codemod.git" · package.json |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
| 42.6.0 | Low risk | 0 | 2026-06-12 |
| 5.21.0 | Review | 8 | 2026-06-12 |
| 5.10.0 | Review | 6 | 2026-06-12 |
| 5.3.0 | High risk | 32 | 2026-06-12 |
| 42.5.2 | Low risk | 0 | 2026-06-04 |
| 42.5.0 | Low risk | 0 | 2026-05-25 |
| 42.5.1 | Low risk | 0 | 2026-05-25 |
Block this in CI
pkgradar gate --ecosystem npm [email protected]