PkgRadar

npm · registry.npmjs.org

vona-suite-a-vona

Manifest Codeless Dependency Stub: package ships no JS/TS source but declares 53 dependency(ies) (0 with loose/empty version specs) — dependency-confusion / install-chain loader shape

Why PkgRadar flagged 5.1.40

SeveritySignalEvidence
mediumManifest Codeless Dependency Stubpackage ships no JS/TS source but declares 53 dependency(ies) (0 with loose/empty version specs) — dependency-confusion / install-chain loader shape · package.json

Scanned versions

VersionVerdictScoreScanned (UTC)
5.1.40Review72026-06-13
5.1.37Review72026-06-12
5.1.33Review72026-06-03
5.1.32Review72026-06-02
5.1.30Low risk02026-05-30
5.1.31Low risk02026-05-30

Block this in CI

PkgRadar gates vona-suite-a-vona (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]
Start free — 25 scans / moView full evidence
vona-suite-a-vona — npm security scan | PkgRadar