PkgRadar

npm · registry.npmjs.org

spec-generator

Remote Dependency Spec: dependencies.specref="github:tobie/specref"

Why PkgRadar flagged 1.8.1

SeveritySignalEvidence
mediumRemote Dependency Specdependencies.specref="github:tobie/specref" · package.json
mediumRemote Dependency Specdependencies.webref="github:darobin/webref" · package.json

Scanned versions

VersionVerdictScoreScanned (UTC)
1.8.1Review122026-06-08
1.6.0Review122026-06-08
1.6.1Review122026-06-08
1.7.0Review122026-06-08
1.8.0Review122026-06-08

Block this in CI

PkgRadar gates spec-generator (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]
Start free — 25 scans / moView full evidence