PkgRadar

npm · registry.npmjs.org

json-joy

Remote Dependency Spec: devDependencies.editing-traces="https://github.com/streamich/editing-traces#71c6d732956dbe08a490f8cd9764214bd3d4c9b7"

Why PkgRadar flagged 18.24.0

SeveritySignalEvidence
highRemote Dependency SpecdevDependencies.editing-traces="https://github.com/streamich/editing-traces#71c6d732956dbe08a490f8cd9764214bd3d4c9b7" · package.json
highRemote Dependency SpecdevDependencies.json-crdt-traces="https://github.com/streamich/json-crdt-traces#ec825401dc05cbb74b9e0b3c4d6527399f54d54d" · package.json

Scanned versions

VersionVerdictScoreScanned (UTC)
18.24.0Review42026-06-02
18.28.0Review42026-06-02

Block this in CI

PkgRadar gates json-joy (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]
Start free — 25 scans / moView full evidence