npm · registry.npmjs.org

@nirvana-labs/nirvana-mcp

Remote Dependency Spec: dependencies.jq-web="https://github.com/stainless-api/jq-web/releases/download/v0.8.8/jq-web.tar.gz"

Why PkgRadar flagged 1.91.9

Severity	Signal	Evidence
high	Remote Dependency Spec	dependencies.jq-web="https://github.com/stainless-api/jq-web/releases/download/v0.8.8/jq-web.tar.gz" · package.json

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`1.91.9`	Review	3	2026-06-12
`1.91.8`	Review	3	2026-06-11
`1.91.7`	Review	3	2026-06-11
`1.91.6`	Review	3	2026-06-11
`1.91.5`	Review	3	2026-06-10
`1.35.5`	Review	8	2026-06-10
`1.35.6`	Review	8	2026-06-10
`1.36.0`	Review	8	2026-06-10
`1.91.4`	Review	3	2026-06-10
`1.91.3`	Review	3	2026-06-06
`1.91.2`	Review	3	2026-06-05
`1.91.1`	Review	3	2026-06-02
`1.91.0`	Review	3	2026-05-29
`1.90.1`	Review	17	2026-05-28
`1.89.0`	Review	17	2026-05-25
`1.90.0`	Review	17	2026-05-25

Block this in CI

PkgRadar gates @nirvana-labs/nirvana-mcp (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @nirvana-labs/[email protected]