PkgRadar

npm · registry.npmjs.org

@timebyping/watermelondb

Remote Dependency Spec: devDependencies.big-list-of-naughty-strings="https://github.com/radex/big-list-of-naughty-strings#8346238a82f1e3a6f62389def1e668d80e4023fb"

Why PkgRadar flagged 0.30.2

SeveritySignalEvidence
highRemote Dependency SpecdevDependencies.big-list-of-naughty-strings="https://github.com/radex/big-list-of-naughty-strings#8346238a82f1e3a6f62389def1e668d80e4023fb" · package.json
mediumRemote Dependency SpecdevDependencies.cavy="git+https://github.com/Nozbe/cavy.git" · package.json

Scanned versions

VersionVerdictScoreScanned (UTC)
0.30.2Review162026-05-26
0.30.3Review162026-05-26

Block this in CI

PkgRadar gates @timebyping/watermelondb (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @timebyping/[email protected]
Start free — 25 scans / moView full evidence