# node-fetch@2.0.0-alpha.5 — Threat Briefing

High risk — threat briefing for npm package node-fetch@2.0.0-alpha.5. Capabilities, risk paths, and what to check.

- **Ecosystem:** npm
- **Latest version:** 3.3.2
- **License:** MIT

## Risk

- **Level:** high
- **Summary:** Dev dependency rollup-plugin-babel has CRITICAL alert — developer machines at risk, not production

## Capability Summary

| Capability | Level |
|---|---|
| install scripts | Prepare |
| network access | client |
| filesystem | none |
| shell execution | none |

## Capabilities

### Other

- External vendor / cloud integration [common]

## Key Signals

- ****
- ****
- ****
- ****

## Maintainer


## Recommended Action

Review before installing in sensitive environments.