Loading npm security reports…
Monorepo tooling for @vnejs
No confirmed malicious attack surface was established. The risky primitives are explicit monorepo maintenance commands aligned with package purpose, not automatic install/import behavior.
Package source references child process execution.
src/workspace/fetch-npm-version.jsView on unpkg · L1Package source invokes a package manager install command at runtime.
src/publish/utils.jsView on unpkg · L27Package source references child process execution.
src/workspace/fetch-npm-version.jsView on unpkg · L1Package source invokes a package manager install command at runtime.
src/publish/utils.jsView on unpkg · L27