Revera 1.0.0 Launches with Bayesian Engine to Score npm Package Security Risk
A developer has released revera version 1.0.0, upgrading the tool from its earlier 0.1.0 beta to a stable release. Revera is a command-line interface designed to assess the security risk of npm packages before they are installed. The major rewrite replaces the previous fixed-weight scoring system with a Bayesian evidence engine that dynamically determines weights based on real signals. Each package is evaluated across eight categories — including vulnerability feeds, publisher trust, GitHub activity, and typosquat detection — and risk scores propagate through the entire dependency tree rather than just the top-level package. The tool is publicly available and can be installed via npm.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.
Discussion (0)
Log in to join the discussion and vote.
Log in