PkgRadar

npm · registry.npmjs.org

@henrylabs/mcp

Remote Dependency Spec: dependencies.jq-web="https://github.com/stainless-api/jq-web/releases/download/v0.8.8/jq-web.tar.gz"

Why PkgRadar flagged 1.3.0

SeveritySignalEvidence
highRemote Dependency Specdependencies.jq-web="https://github.com/stainless-api/jq-web/releases/download/v0.8.8/jq-web.tar.gz" · package.json

Scanned versions

VersionVerdictScoreScanned (UTC)
1.3.0High risk82026-06-20
1.4.0High risk82026-06-20
1.5.0High risk82026-06-20
1.8.0High risk82026-06-20

Related campaigns

Block this in CI

PkgRadar gates @henrylabs/mcp (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @henrylabs/[email protected]
Start free — 25 scans / moView full evidence