PkgRadar

npm · registry.npmjs.org

dodopayments-mcp

Remote Dependency Spec: dependencies.jq-web="https://github.com/stainless-api/jq-web/releases/download/v0.8.8/jq-web.tar.gz"

Why PkgRadar flagged 2.38.0

SeveritySignalEvidence
highRemote Dependency Specdependencies.jq-web="https://github.com/stainless-api/jq-web/releases/download/v0.8.8/jq-web.tar.gz" · package.json

Scanned versions

VersionVerdictScoreScanned (UTC)
2.38.0High risk62026-06-13
2.37.0High risk62026-06-13
2.36.0High risk62026-06-10
2.35.0High risk62026-06-10
2.34.0High risk62026-06-10
2.33.0High risk62026-06-10
2.32.2High risk62026-06-10
2.32.0Review62026-05-30
2.32.1Review62026-05-30

Block this in CI

PkgRadar gates dodopayments-mcp (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]
Start free — 25 scans / moView full evidence
dodopayments-mcp — npm security scan | PkgRadar