npm · registry.npmjs.org

@hallucination-studio/harness-engine

Suspicious Publish Context: {"package_age_days":2,"publisher":"flamingo.o","burst_same_day":1,"burst_week":1,"lure":null,"version_anomaly":false,"new_account":true}

Why PkgRadar flagged 1.0.0-nightly.20260613.2

Severity	Signal	Evidence
medium	Suspicious Publish Context	{"package_age_days":2,"publisher":"flamingo.o","burst_same_day":1,"burst_week":1,"lure":null,"version_anomaly":false,"new_account":true}

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`1.0.0-nightly.20260613.2`	Review	10	2026-06-13
`1.0.1`	Low risk	0	2026-06-12
`1.0.0-beta.18.ab4b55a`	Low risk	0	2026-06-12
`1.0.0-nightly.20260612.1`	Low risk	0	2026-06-12
`1.0.0-beta.17.412ec6e`	Low risk	0	2026-06-12
`1.0.0-beta.16.565063c`	Low risk	0	2026-06-12
`1.0.0-beta.15.f39cb72`	Low risk	0	2026-06-12
`1.0.0-beta.14.a797755`	Low risk	0	2026-06-12
`1.0.0-beta.13.cf40fab`	Low risk	0	2026-06-11
`1.0.0-beta.12.d308768`	Low risk	0	2026-06-11
`1.0.0-beta.11.2a4849a`	Low risk	0	2026-06-11
`1.0.0-beta.10.9ff10d9`	Low risk	0	2026-06-11
`1.0.0-beta.9.bb2cd30`	Low risk	0	2026-06-11
`1.0.0-beta.8.87407`	Low risk	0	2026-06-11
`1.0.0`	Low risk	0	2026-06-11

Block this in CI

PkgRadar gates @hallucination-studio/harness-engine (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @hallucination-studio/[email protected]

Start free — 25 scans / mo View full evidence