PkgRadar

npm · registry.npmjs.org

webgpu-utils

Remote Dependency Spec: devDependencies.wgsl_reflect="github:brendan-duncan/wgsl_reflect#bb79251c8f17ae2da1c52e04731547bb768cd613"

Why PkgRadar flagged 2.1.0

SeveritySignalEvidence
mediumRemote Dependency SpecdevDependencies.wgsl_reflect="github:brendan-duncan/wgsl_reflect#bb79251c8f17ae2da1c52e04731547bb768cd613" · package.json
mediumDependency Changed To Remote Vs PreviousdevDependencies.wgsl_reflect changed to remote spec in 2.1.0 vs 2.0.3: "github:brendan-duncan/wgsl_reflect#bb79251c8f17ae2da1c52e04731547bb768cd613" · package.json

Scanned versions

VersionVerdictScoreScanned (UTC)
2.1.0Review162026-06-04
2.1.1Review22026-06-04

Block this in CI

PkgRadar gates webgpu-utils (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]
Start free — 25 scans / moView full evidence
webgpu-utils — npm security scan | PkgRadar