npm · registry.npmjs.org

pi-session-graph

Remote Dependency Spec: dependencies.agent-session-store="github:ProbabilityEngineer/agent-session-store#v0.1.8"

Why PkgRadar flagged 0.1.9

Severity	Signal	Evidence
high	New Lifecycle Script Vs Previous	postinstall added in 0.1.9 vs 0.1.8: "node scripts/check-agent-session-store.mjs" · package.json
medium	Remote Dependency Spec	dependencies.agent-session-store="github:ProbabilityEngineer/agent-session-store#v0.1.8" · package.json
medium	Dependency Changed To Remote Vs Previous	dependencies.agent-session-store changed to remote spec in 0.1.9 vs 0.1.8: "github:ProbabilityEngineer/agent-session-store#v0.1.8" · package.json

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.1.9`	High risk	69	2026-06-05
`0.1.8`	Review	24	2026-06-05
`0.1.6`	Low risk	0	2026-06-02
`0.1.7`	Low risk	0	2026-06-02
`0.1.4`	Low risk	0	2026-06-02
`0.1.1`	Low risk	0	2026-06-02

Block this in CI

PkgRadar gates pi-session-graph (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]