npm · registry.npmjs.org

@openfeed/sdk-js

Remote Dependency Spec: devDependencies.proto="git+ssh://[email protected]/openfeed-org/proto.git#master"

Why PkgRadar flagged 1.7.2

Severity	Signal	Evidence
medium	Remote Dependency Spec	devDependencies.proto="git+ssh://[email protected]/openfeed-org/proto.git#master" · package.json

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`1.7.2`	Review	2	2026-06-17
`1.6.10`	Review	4	2026-06-17
`1.6.11`	Review	4	2026-06-17
`1.6.9`	Review	4	2026-06-17
`1.7.1`	Review	2	2026-06-17

Block this in CI

PkgRadar gates @openfeed/sdk-js (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @openfeed/[email protected]