npm · registry.npmjs.org

bravado-server

Remote Dependency Spec: devDependencies.bravado-client-generator="github:Losant/bravado-client-generator#master"

Why PkgRadar flagged 1.6.0

Severity	Signal	Evidence
medium	Remote Dependency Spec	devDependencies.bravado-client-generator="github:Losant/bravado-client-generator#master" · package.json
medium	Dependency Changed To Remote Vs Previous	devDependencies.bravado-client-generator changed to remote spec in 1.6.0 vs 1.5.1: "github:Losant/bravado-client-generator#master" · package.json

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`1.4.0`	Low risk	0	2026-06-09
`1.5.0`	Low risk	0	2026-06-09
`1.5.1`	Low risk	0	2026-06-09
`1.6.0`	Review	16	2026-06-09

Block this in CI

PkgRadar gates bravado-server (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]