npm · registry.npmjs.org

vellum

Remote Payload: matched "github.com/qdrant/qdrant/releases/download"

Why PkgRadar flagged 0.2.12

Severity	Signal	Evidence
medium	Remote Payload	matched "github.com/qdrant/qdrant/releases/download" · package/src/memory/qdrant-manager.ts

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.8.10-dev.202606111245.be4218b`	Low risk	0	2026-06-11
`0.8.10-dev.202606111140.6a5e88c`	Low risk	0	2026-06-11
`0.8.10-dev.202606110941.6cb149d`	Low risk	0	2026-06-11
`0.8.10-dev.202606110755.6cb149d`	Low risk	0	2026-06-11
`0.8.10-dev.202606110544.2aed335`	Low risk	0	2026-06-11
`0.8.10-dev.202606110422.8c0e9aa`	Low risk	0	2026-06-11
`0.8.10-dev.202606110317.792ac3c`	Low risk	0	2026-06-11
`0.8.10-dev.202606110240.ef9212e`	Low risk	0	2026-06-11
`0.8.10-dev.202606110112.319a8d3`	Low risk	0	2026-06-11
`0.8.10-dev.202606110059.319a8d3`	Low risk	0	2026-06-11
`0.8.10-dev.202606102342.319a8d3`	Low risk	0	2026-06-10
`0.8.10-dev.202606102253.fbea648`	Low risk	0	2026-06-10
`0.8.10-dev.202606102242.5285563`	Low risk	0	2026-06-10
`0.8.10-dev.202606102225.a3947de`	Low risk	0	2026-06-10
`0.8.10-dev.202606102147.02afd31`	Low risk	0	2026-06-10
`0.8.10-dev.202606102100.3beeffc`	Low risk	0	2026-06-10
`0.8.10-dev.202606101903.31e26e6`	Low risk	0	2026-06-10
`0.8.10-dev.202606101714.d4b22de`	Low risk	0	2026-06-10
`0.8.10-dev.202606101514.1c52ced`	Low risk	0	2026-06-10
`0.8.10-dev.202606101324.2fc90b3`	Low risk	0	2026-06-10
`0.8.10-dev.202606101436.d73da44`	Low risk	0	2026-06-10
`0.8.10-dev.202606101122.0de2aff`	Low risk	0	2026-06-10
`0.8.10-dev.202606100925.28c1cfb`	Low risk	0	2026-06-10
`0.8.10-dev.202606100742.99a7fab`	Low risk	0	2026-06-10
`0.8.10-dev.202606100317.c8b43c8`	Low risk	0	2026-06-10
`0.8.10-dev.202606100540.99a7fab`	Low risk	0	2026-06-10
`0.2.12`	Review	5	2026-06-10
`0.2.13`	Review	5	2026-06-10
`0.2.14`	Review	10	2026-06-10
`0.8.10-dev.202606100110.1d2c8c4`	Low risk	0	2026-06-10
`0.8.10-dev.202606092334.09948c8`	Low risk	0	2026-06-09
`0.8.10-dev.202606092238.d04fd59`	Low risk	0	2026-06-09
`0.8.10`	Low risk	0	2026-06-09
`0.8.9-dev.202606092139.1f3b646`	Low risk	0	2026-06-09
`0.8.9-dev.202606092047.e63da55`	Low risk	0	2026-06-09
`0.8.10-staging.1`	Low risk	0	2026-06-09
`0.8.9-dev.202606091946.122706e`	Low risk	0	2026-06-09
`0.8.9-dev.202606091926.ebb2d62`	Low risk	0	2026-06-09
`0.8.9-dev.202606091853.fbaa2ae`	Low risk	0	2026-06-09
`0.8.9`	Low risk	0	2026-06-09
`0.8.8-dev.202606091702.2771079`	Low risk	0	2026-06-09
`0.8.9-staging.5`	Low risk	0	2026-06-09
`0.8.8-dev.202606091516.3c27beb`	Low risk	0	2026-06-09
`0.8.8-dev.202606091311.113d87f`	Low risk	0	2026-06-09
`0.8.9-staging.4`	Low risk	0	2026-06-09
`0.8.8-dev.202606090339.ad6ec5a`	Low risk	0	2026-06-09
`0.8.8-dev.202606090318.74794fe`	Low risk	0	2026-06-09
`0.8.8-dev.202606090227.d9f1d29`	Low risk	0	2026-06-09
`0.8.8-dev.202606090218.6bcb462`	Low risk	0	2026-06-09
`0.8.8-dev.202606090104.b75d235`	Low risk	0	2026-06-09
`0.8.8-dev.202606082331.c911d0c`	Low risk	0	2026-06-09
`0.8.8-dev.202606082236.8dbacc9`	Low risk	0	2026-06-08
`0.8.9-staging.3`	Low risk	0	2026-06-08
`0.8.8-dev.202606082140.a5125fe`	Low risk	0	2026-06-08
`0.8.8-dev.202606082058.447e3b6`	Low risk	0	2026-06-08
`0.8.8-dev.202606081950.5bd40e7`	Low risk	0	2026-06-08
`0.8.8-dev.202606081859.f7bdc00`	Low risk	0	2026-06-08
`0.8.8-dev.202606081714.5590368`	Low risk	0	2026-06-08
`0.8.9-staging.2`	Low risk	0	2026-06-08
`0.8.8-dev.202606081339.938c6ec`	Low risk	0	2026-06-08
`0.8.8-dev.202606081515.c77a9b6`	Low risk	0	2026-06-08
`0.8.9-staging.1`	Low risk	0	2026-06-08
`0.8.8-dev.202606081143.f600053`	Low risk	0	2026-06-08
`0.8.8-dev.202606080544.8b7fbff`	Low risk	0	2026-06-08
`0.8.8-dev.202606080320.8b7fbff`	Low risk	0	2026-06-08
`0.8.8-dev.202606080112.5f6d567`	Low risk	0	2026-06-08
`0.8.8-dev.202606080009.0babb76`	Low risk	0	2026-06-08
`0.8.8-dev.202606072328.6710d73`	Low risk	0	2026-06-08
`0.8.8-dev.202606072131.4817a81`	Low risk	0	2026-06-07
`0.8.8-dev.202606072033.0e97ff6`	Low risk	0	2026-06-07
`0.8.8-dev.202606071935.547b6d2`	Low risk	0	2026-06-07
`0.8.8-dev.202606071835.08695c1`	Low risk	0	2026-06-07
`0.8.8-dev.202606071734.db66b83`	Low risk	0	2026-06-07
`0.8.8-dev.202606071535.f449fc1`	Low risk	0	2026-06-07
`0.8.8-dev.202606071441.cfe7f13`	Low risk	0	2026-06-07
`0.8.8-dev.202606071338.2b9914e`	Low risk	0	2026-06-07
`0.8.8-dev.202606071242.4ca7f3b`	Low risk	0	2026-06-07
`0.8.8-dev.202606071138.c258385`	Low risk	0	2026-06-07
`0.8.8-dev.202606071051.c258385`	Low risk	0	2026-06-07
`0.8.8-dev.202606070049.ca91213`	Low risk	0	2026-06-07
`0.8.8-dev.202606062128.ca91213`	Low risk	0	2026-06-06
`0.8.8-dev.202606062031.571ee14`	Low risk	0	2026-06-06
`0.8.8-dev.202606061935.99a472f`	Low risk	0	2026-06-06
`0.8.8-dev.202606061835.dc283b1`	Low risk	0	2026-06-06
`0.8.8-dev.202606061731.f1025b0`	Low risk	0	2026-06-06
`0.8.8-dev.202606061714.60a1761`	Low risk	0	2026-06-06
`0.8.8-dev.202606061701.9ee494c`	Low risk	0	2026-06-06
`0.8.8-dev.202606061631.10cd5fe`	Low risk	0	2026-06-06
`0.8.8-dev.202606061533.1a66375`	Low risk	0	2026-06-06
`0.8.8-dev.202606061135.a446a08`	Low risk	0	2026-06-06
`0.8.8-dev.202606061043.373bc8f`	Low risk	0	2026-06-06
`0.8.8-dev.202606060901.61e1660`	Low risk	0	2026-06-06
`0.8.8-dev.202606060043.60454ad`	Low risk	0	2026-06-06
`0.8.8-dev.202606052332.17fc8ea`	Low risk	0	2026-06-05
`0.8.8`	Low risk	0	2026-06-05
`0.8.7-dev.202606052232.2ddc989`	Low risk	0	2026-06-05
`0.8.7-dev.202606052220.6efc86d`	Low risk	0	2026-06-05
`0.8.7-dev.202606052135.3e62c5a`	Low risk	0	2026-06-05
`0.8.7-dev.202606052118.34cd356`	Low risk	0	2026-06-05
`0.8.7`	Low risk	0	2026-06-03
`0.8.6`	Low risk	0	2026-05-29
`0.8.5`	Low risk	0	2026-05-27
`0.8.4`	Low risk	0	2026-05-27

Block this in CI

PkgRadar gates vellum (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]

Start free — 25 scans / mo View full evidence