PkgRadar

npm · registry.npmjs.org

ramp-pcar

Remote Dependency Spec: dependencies.@ramp4-pcar4/vue3-treeselect="github:ramp4-pcar4/vue3-treeselect#v1.0.0"

Why PkgRadar flagged 4.20.0

SeveritySignalEvidence
mediumRemote Dependency Specdependencies.@ramp4-pcar4/vue3-treeselect="github:ramp4-pcar4/vue3-treeselect#v1.0.0" · package.json
mediumRemote Dependency Specdependencies.fabric="github:ramp4-pcar4/fabric.js#v5.3.1" · package.json
mediumDependency Changed To Remote Vs Previousdependencies.fabric changed to remote spec in 4.20.0 vs 4.19.0: "github:ramp4-pcar4/fabric.js#v5.3.1" · package.json

Scanned versions

VersionVerdictScoreScanned (UTC)
4.20.0Review362026-06-03
4.21.0Review162026-05-25

Block this in CI

PkgRadar gates ramp-pcar (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]
Start free — 25 scans / moView full evidence
ramp-pcar — npm security scan | PkgRadar