DEV Community

Cover image for Releasing revera@1.0.0
Aarav Maloo
Aarav Maloo

Posted on

Releasing revera@1.0.0

Today I launched revera@1.0.0, upgrading from 0.1.0 to stable.
revera is a CLI that scores npm packages for security risk before you install them. The 1.0.0 rewrite replaces fixed weights with a Bayesian evidence engine: every package becomes a node in its dependency graph, gets scored across 8 categories from real signals (vuln feeds, publisher trust, GitHub activity, typosquat detection), and risk propagates bottom-up through the whole dependency tree, not just the top-level package.
Previously it used pre-defined weights. Now it decides its own weights from the evidence.
npm install revera

Top comments (0)