PkgRadar

npm · registry.npmjs.org

@denveous/pi

Remote Dependency Spec: dependencies.@earendil-works/pi-tui="https://registry.npmjs.org/@denveous/pi-tui/-/pi-tui-0.75.6.tgz"

Why PkgRadar flagged 0.75.8

SeveritySignalEvidence
highRemote Dependency Specdependencies.@earendil-works/pi-tui="https://registry.npmjs.org/@denveous/pi-tui/-/pi-tui-0.75.6.tgz" · package.json
highDependency Changed To Remote Vs Previousdependencies.@earendil-works/pi-tui changed to remote spec in 0.75.8 vs 0.75.7: "https://registry.npmjs.org/@denveous/pi-tui/-/pi-tui-0.75.6.tgz" · package.json

Scanned versions

VersionVerdictScoreScanned (UTC)
0.75.8High risk292026-06-10
0.75.7Review52026-05-28
0.76.0High risk522026-05-28

Block this in CI

PkgRadar gates @denveous/pi (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @denveous/[email protected]
Start free — 25 scans / moView full evidence