Loading npm security reports…
Hybrid search for markdown with BM25, vector search, and local or remote LLM reranking
LPM treats this as warn-only first-party agent extension lifecycle risk. No automatic malicious behavior was established. The package includes an explicit CLI path that installs its own QMD agent skill and can link it for Claude.
Package source references dynamic require/import behavior.
dist/db.jsView on unpkg · L28This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/cli/qmd.jsView on unpkgPackage source references dynamic require/import behavior.
dist/db.jsView on unpkg · L28This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/cli/qmd.jsView on unpkg