# css-loader@2.1.1 — Threat Briefing

Medium risk — threat briefing for npm package css-loader@2.1.1. Capabilities, risk paths, and what to check.

- **Ecosystem:** npm
- **Latest version:** 7.1.2
- **License:** MIT

## Risk

- **Level:** medium
- **Summary:** No risky changes detected

## Capability Summary

| Capability | Level |
|---|---|
| install scripts | Prepublish |
| network access | none |
| filesystem | none |
| shell execution | none |

## Capabilities

### Install Scripts

- Install-time script execution [common]

### Other

- No dependency lockfile (unpinned installs) [common]
- Filesystem read from package directory (info-only) [common]
- External vendor / cloud integration [common]

## Key Signals

- ****
- ****

## Trust Signals

### Code Safety

- No dynamic code execution
- No access to sensitive paths

## Maintainer


## Recommended Action

Audit capabilities before use in production.