PkgRadar

Package evidence

@accounter/server@0.0.12-alpha-20260620042703-7c963398118a7c573b349693ea440c2a56066ee8

Tls Verification Disabled: matched "rejectUnauthorized: false"

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads
25,195Mainstream · −50% score
Versions published
3,785Mature · −50% score
First published
Mar 2024
Publisher
GitHub ActionsTrusted automation · −70% score

Effective trust discount applied: 70% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Review before promoting

Mixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@accounter/server@0.0.12-alpha-20260620042703-7c963398118a7c573b349693ea440c2a56066ee8"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@accounter/server@0.0.12-alpha-20260620042703-7c963398118a7c573b349693ea440c2a56066ee8"],"fail_on":"review"}'
PublisherGitHub Actions
Artifact bytes2,737,973
Previous version0.0.12-alpha-20260619024435-0f8118c767d1c390b6014fcdfe3d242ee56f9f96
Published2026-06-20T04:29:32.846Z
SHA-256a4ff664950941db7ae69108e87d94ac45316b1ca2d8ebdf7b9508eaf5d3eb666

Why flagged

What the scanner saw

Tls Verification Disabled: matched "rejectUnauthorized: false"

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

review
Last checked
reviewRisk
7Score
0.0.12-alpha-20260620042703-7c963398118a7c573b349693ea440c2a56066ee8Version
Status history (1 event)
  1. newavailable · risk review · score 7 · status changed

Evidence

Static findings

2 static · 0 from release diff · showing high-signal first.

SeverityKindPathDetailPoints
mediumTls Verification Disabledpackage/dist/server/src/index.jsmatched "rejectUnauthorized: false"12
mediumTls Verification Disabledpackage/src/index.tsmatched "rejectUnauthorized: false"12

Manifest

Package metadata

Scripts16
  • buildtsc && tsc-alias
  • cleanup:expired-invitationstsx src/scripts/run-invitation-cleanup.ts
  • devnodemon --exec "yarn build && yarn start | pino-pretty" --ignore dist --watch 'src/**/*' -e ts,tsx,mts
  • generateyarn generate:all
  • generate:sqldotenv -e ../../.env yarn pgtyped
  • generate:sql:watchdotenv -e ../../.env yarn pgtyped:watch
  • pgtypedyarn rimraf **/__generated__/*.types.ts; DATABASE_URL=$(node scripts/set-db-url.cjs) pgtyped -c $(node scripts/generate-local-pgconfig.cjs)
  • pgtyped:watchyarn pgtyped -w
  • seed:admintsx scripts/seed-admin-context.ts
  • seed:admin-contexttsx scripts/seed-admin-context.ts
  • seed:super-admintsx scripts/seed-super-admin.ts
  • server:buildyarn build
  • server:build:prodyarn generate && yarn workspaces foreach --all --parallel --include @accounter/green-invoice-graphql --include @accounter/pcn874-generator --include @accounter/shaam-uniform-format-generator --include @accounter/shaam6111-generator run build && yarn build
  • server:devyarn dev
  • startnode --import ./dist/server/src/bootstrap-telemetry.js dist/server/src/index.js
  • validate:demotsx src/demo-fixtures/validate-demo-data.ts
Dependencies47
  • @accounter/green-invoice-graphqlworkspace:^
  • @accounter/pcn874-generatorworkspace:^
  • @accounter/shaam-uniform-format-generatorworkspace:^
  • @accounter/shaam6111-generatorworkspace:^
  • @ai-sdk/anthropic3.0.84
  • @envelop/core5.5.1
  • @envelop/generic-auth11.1.1
  • @envelop/graphql-modules9.1.1
  • @google-cloud/pubsub5.3.1
  • @graphql-hive/yoga0.48.1
  • @graphql-tools/utils11.1.0
  • @graphql-yoga/plugin-defer-stream3.21.2
  • @opentelemetry/api1.9.1
  • @opentelemetry/auto-instrumentations-node0.77.0
  • @opentelemetry/exporter-trace-otlp-http0.219.0
  • @opentelemetry/resources2.8.0
  • @opentelemetry/sdk-node0.219.0
  • @opentelemetry/semantic-conventions1.41.1
  • @pgtyped/cli2.4.3
  • @pgtyped/runtime2.4.2
  • @whatwg-node/fetch0.10.13
  • ai6.0.206
  • async-mutex0.5.0
  • auth05.12.0
  • basic-auth2.0.1
  • bcrypt6.0.0
  • cloudinary2.10.0
  • dataloader2.2.3
  • date-fns4.4.0
  • dotenv17.4.2
  • …and 17 more.