npm · registry.npmjs.org
vibecoding-installer
Manifest Codeless Dependency Stub: package ships no JS/TS source but declares 8 dependency(ies) (0 with loose/empty version specs) — dependency-confusion / install-chain loader shape
Why PkgRadar flagged 0.1.42
| Severity | Signal | Evidence |
|---|---|---|
| medium | Manifest Codeless Dependency Stub | package ships no JS/TS source but declares 8 dependency(ies) (0 with loose/empty version specs) — dependency-confusion / install-chain loader shape · package.json |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
0.1.42 | Review | 10 | 2026-06-16 |
0.1.41 | Review | 10 | 2026-06-16 |
0.1.40 | Review | 10 | 2026-06-15 |
0.1.38 | Review | 15 | 2026-06-13 |
0.1.37 | Review | 15 | 2026-06-13 |
0.1.36 | Review | 15 | 2026-06-12 |
0.1.34-2-gc5d2aca | Review | 10 | 2026-06-11 |
0.1.34 | Review | 15 | 2026-06-08 |
0.1.32-1-ge809272 | Review | 10 | 2026-06-08 |
0.1.30-dirty | Review | 15 | 2026-06-02 |
0.1.31 | Review | 10 | 2026-06-02 |
0.1.29-dirty | Review | 15 | 2026-06-01 |
0.1.28-3-g40ac2e8 | Review | 15 | 2026-06-01 |
0.1.28-2-gb2f78d3-dirty | Review | 10 | 2026-06-01 |
0.1.27-dirty | Review | 10 | 2026-05-31 |
0.1.26-14-gf0f6f9c-dirty | Review | 3 | 2026-05-30 |
0.1.26-5-g221dccd-dirty | Review | 5 | 2026-05-30 |
0.1.25-11-g0da8752-dirty | Review | 5 | 2026-05-30 |
0.1.25-1-g263c076-dirty | Review | 5 | 2026-05-30 |
0.1.24-2-g4a0b022-dirty | Review | 3 | 2026-05-30 |
0.1.22-dirty | Review | 5 | 2026-05-30 |
0.1.23-dirty | Review | 5 | 2026-05-30 |
0.1.21-1-g85666b3-dirty | Review | 5 | 2026-05-30 |
0.1.20-2-ga9e236c-dirty | Review | 5 | 2026-05-30 |
0.1.20-dirty | Review | 5 | 2026-05-30 |
0.1.19-dirty | Review | 5 | 2026-05-30 |
0.1.18-dirty | Review | 5 | 2026-05-30 |
Block this in CI
pkgradar gate --ecosystem npm [email protected]