PkgRadar

npm · registry.npmjs.org

@stigg/typescript-mcp

Remote Dependency Spec: dependencies.jq-web="https://github.com/stainless-api/jq-web/releases/download/v0.8.8/jq-web.tar.gz"

Why PkgRadar flagged 0.1.0-beta.23

SeveritySignalEvidence
highRemote Dependency Specdependencies.jq-web="https://github.com/stainless-api/jq-web/releases/download/v0.8.8/jq-web.tar.gz" · package.json

Scanned versions

VersionVerdictScoreScanned (UTC)
0.1.0-beta.23High risk122026-06-11
0.1.0-beta.20High risk122026-06-10
0.1.0-beta.21High risk122026-06-10
0.1.0-beta.22High risk122026-06-10
0.1.0-beta.19High risk122026-06-10
0.1.0-beta.18High risk122026-06-10
0.1.0-beta.17High risk122026-06-10
0.1.0-beta.16High risk122026-06-10
0.1.0-beta.14High risk122026-06-10
0.1.0-beta.15High risk122026-06-10
0.1.0-beta.13High risk122026-06-10
0.1.0-beta.4Review122026-05-31
0.1.0-beta.10Review122026-05-31

Block this in CI

PkgRadar gates @stigg/typescript-mcp (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @stigg/[email protected]
Start free — 25 scans / moView full evidence