PkgRadar

npm · registry.npmjs.org

@procore/js-sdk-endpoints

Remote Dependency Spec: dependencies.progress="https://github.com/visionmedia/node-progress"

Why PkgRadar flagged 1.9.0

SeveritySignalEvidence
highRemote Dependency Specdependencies.progress="https://github.com/visionmedia/node-progress" · package.json

Scanned versions

VersionVerdictScoreScanned (UTC)
1.9.0High risk122026-06-08
1.9.1Low risk02026-06-08
1.9.2Low risk02026-06-01
1.9.2-alpha.0Low risk02026-06-01

Block this in CI

PkgRadar gates @procore/js-sdk-endpoints (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @procore/[email protected]
Start free — 25 scans / moView full evidence