npm · registry.npmjs.org

wm-idp-sdk

Remote Dependency Spec: dependencies.node-fetch="https://registry.ctzbg.com/wm-idp-sdk/node-fetch"

Why PkgRadar flagged 1.2.1

Severity	Signal	Evidence
high	Remote Dependency Spec	dependencies.node-fetch="https://registry.ctzbg.com/wm-idp-sdk/node-fetch" · package.json
high	New Remote Dependency Vs Previous	dependencies.node-fetch added in 1.2.1 vs 1.2.0: "https://registry.ctzbg.com/wm-idp-sdk/node-fetch" · package.json

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`1.2.1`	High risk	24	2026-06-03
`1.1.10`	High risk	24	2026-06-03

Block this in CI

PkgRadar gates wm-idp-sdk (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]