PkgRadar

npm · registry.npmjs.org

yandex-geobase

no static findings

Early detection

PkgRadar flagged this 1.5 days before public disclosure

Detected 2026-06-27 · disclosed as MAL-2026-6574 on 2026-06-29

Scanned versions

VersionVerdictScoreScanned (UTC)
2.1.1High risk02026-07-10
2.1.0Review152026-06-27
3.9.0Review152026-06-27
2.2.0High risk52026-06-27
2.9.0High risk52026-06-27
2.1.2High risk452026-06-27

Block this in CI

PkgRadar gates yandex-geobase (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]
yandex-geobase — npm malware advisory | PkgRadar