npm · registry.npmjs.org

@foerderfunke/matching-engine

Remote Dependency Spec: dependencies.shacl-engine="github:rdf-ext/shacl-engine#sparql"

Why PkgRadar flagged 0.2.2

Severity	Signal	Evidence
medium	Remote Dependency Spec	dependencies.shacl-engine="github:rdf-ext/shacl-engine#sparql" · package.json
medium	New Remote Dependency Vs Previous	dependencies.shacl-engine added in 0.2.2 vs 0.2.1: "github:rdf-ext/shacl-engine#sparql" · package.json

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.7.4`	Low risk	0	2026-06-10
`0.2.2`	Review	24	2026-06-10
`1.5.7`	Low risk	0	2026-06-10
`1.5.8`	Low risk	0	2026-06-10
`1.5.6`	Low risk	0	2026-06-10
`0.2.3`	Review	6	2026-06-10
`1.5.9`	Low risk	0	2026-06-10

Block this in CI

PkgRadar gates @foerderfunke/matching-engine (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @foerderfunke/[email protected]