npm · registry.npmjs.org

whatsapp-rust-bridge

Remote Dependency Spec: devDependencies.@whiskeysockets/libsignal-node="git+https://github.com/whiskeysockets/libsignal-node"

Why PkgRadar flagged 0.6.0-alpha.36

Severity	Signal	Evidence
medium	Remote Dependency Spec	devDependencies.@whiskeysockets/libsignal-node="git+https://github.com/whiskeysockets/libsignal-node" · package.json

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.6.0-alpha.36`	Review	2	2026-06-02
`0.6.0-alpha.35`	Review	5	2026-06-01
`0.6.0-alpha.34`	Review	2	2026-06-01
`0.6.0-alpha.33`	Review	2	2026-05-30
`0.6.0-alpha.32`	Review	5	2026-05-29
`0.6.0-alpha.31`	Review	2	2026-05-29
`0.6.0-alpha.29`	Review	5	2026-05-29
`0.6.0-alpha.30`	Review	5	2026-05-29

Block this in CI

PkgRadar gates whatsapp-rust-bridge (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]