PkgRadar

npm · registry.npmjs.org

@jocmp/mercury-parser

Remote Dependency Spec: dependencies.browser-request="github:postlight/browser-request#feat-add-headers-to-response"

Why PkgRadar flagged 3.0.6

SeveritySignalEvidence
mediumRemote Dependency Specdependencies.browser-request="github:postlight/browser-request#feat-add-headers-to-response" · package.json
mediumRemote Dependency Specdependencies.difflib="github:postlight/difflib.js" · package.json

Scanned versions

VersionVerdictScoreScanned (UTC)
3.0.6Review122026-06-17
3.0.7Review122026-06-17
3.0.8Review122026-06-17
3.0.9Review122026-06-17

Block this in CI

PkgRadar gates @jocmp/mercury-parser (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @jocmp/[email protected]
Start free — 25 scans / moView full evidence