PkgRadar

npm · registry.npmjs.org

@privacy-test/tornado-cash

Remote Dependency Spec: dependencies.snarkjs="git+https://github.com/tornadocash/snarkjs.git#869181cfaf7526fe8972073d31655493a04326d5"

Why PkgRadar flagged 0.0.2-alpha.8

SeveritySignalEvidence
mediumRemote Dependency Specdependencies.snarkjs="git+https://github.com/tornadocash/snarkjs.git#869181cfaf7526fe8972073d31655493a04326d5" · package.json
mediumRemote Dependency Specdependencies.websnark="git+https://github.com/tornadocash/websnark.git#4c0af6a8b65aabea3c09f377f63c44e7a58afa6d" · package.json

Scanned versions

VersionVerdictScoreScanned (UTC)
0.0.2-alpha.8Review242026-05-31

Block this in CI

PkgRadar gates @privacy-test/tornado-cash (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @privacy-test/[email protected]
Start free — 25 scans / moView full evidence