Security · 1h ago
Revera 1.0.0 Launches Bayesian Engine for npm Package Security Scoring
Revera, a CLI tool that scores npm packages for security risk, has been upgraded to version 1.0.0. The rewrite replaces fixed weights with a Bayesian evidence engine, scoring packages across 8 categories using real signals like vulnerability feeds and GitHub activity. Risk now propagates bottom-up through the entire dependency tree.
Meridian48 take
The shift to Bayesian inference is a meaningful upgrade for supply-chain security, but its real-world accuracy depends on the quality of underlying signals.
npm-securitycli-tool