PkgRadar

npm · registry.npmjs.org

firefly-mcp

Remote Dependency Spec: dependencies.jq-web="https://github.com/stainless-api/jq-web/releases/download/v0.8.8/jq-web.tar.gz"

Why PkgRadar flagged 0.1.1

SeveritySignalEvidence
highRemote Dependency Specdependencies.jq-web="https://github.com/stainless-api/jq-web/releases/download/v0.8.8/jq-web.tar.gz" · package.json

Scanned versions

VersionVerdictScoreScanned (UTC)
0.1.1High risk122026-06-10
0.1.0High risk122026-06-10

Block this in CI

PkgRadar gates firefly-mcp (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]
Start free — 25 scans / moView full evidence