npm · registry.npmjs.org

@brave/brave-ui

Remote Dependency Spec: dependencies.@balajmarius/svg2jsx="github:brave/svg2jsx#507bc7e3782f838fc28af639bfcd24bb4435a218"

Why PkgRadar flagged 0.40.5

Severity	Signal	Evidence
medium	Remote Dependency Spec	dependencies.@balajmarius/svg2jsx="github:brave/svg2jsx#507bc7e3782f838fc28af639bfcd24bb4435a218" · package.json
medium	New Remote Dependency Vs Previous	dependencies.@balajmarius/svg2jsx added in 0.40.5 vs 0.40.4: "github:brave/svg2jsx#507bc7e3782f838fc28af639bfcd24bb4435a218" · package.json

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.40.3`	Low risk	0	2026-06-18
`0.40.4`	Low risk	0	2026-06-18
`0.40.5`	Review	24	2026-06-18
`0.40.6`	Low risk	0	2026-06-18

Block this in CI

PkgRadar gates @brave/brave-ui (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @brave/[email protected]