Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Versions published
- 168Mature · −50% score
- First published
- Feb 2025
- Publisher
- ychetyrko
Effective trust discount applied: −50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.
Recommended action
Looks clean — keep monitoringNo high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["@artel/[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["@artel/[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
Obfuscation Density: high encoded/escaped-token density
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk low · score 0 · status changed
Evidence
Static findings
2 static · 0 from release diff · showing high-signal first.
No high-signal findings — see all findings below.
Show all 2 findings (low-signal and informational)
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| low | Obfuscation Density | package/build/chunk-EFDSEPVX.js | high encoded/escaped-token density | 0 |
| low | Large Javascript Payload | package/build/chunk-LKJKS5OJ.js | 4642473 bytes | 0 |
Manifest
Package metadata
Scripts19
bundle:debugnpm run compile && node ./scripts/bundle.js --debugbundle:releasenpm run compile && node ./scripts/bundle.jscheck-circular-dependenciesdpdm ./source/Cli.ts -T --no-tree --no-warningcheck-circular-dependencies-cidpdm ./source/Cli.ts -T --no-tree --no-warning --no-progress --exit-code circular:1compilenpm run generate-files && tsc --build .copy-global-storagenode ../vscode-extension/scripts/copy-global-storage.js projects/compiler/СистемныеПакетыcreate-minimal-required-standard-package-contents-jsonesbuild ./scripts/createMinimalStandardPackageContentsJson.ts --bundle --outfile=../../build/scripts/createMinimalStandardPackageContentsJson.mjs --format=esm --platform=node --packages=external --supported:async-await=false && node ../../build/scripts/createMinimalStandardPackageContentsJson.mjsdebug-testnode --experimental-vm-modules ../../node_modules/jest/bin/jest.jsexport-l10n-textnpx @vscode/l10n-dev export -o l10n sourcegenerate-configuration-json-schemasnode ./scripts/generateConfigurationJsonSchemas.mjsgenerate-filesgenerate-files:forcegenerate-treenpm run bundle:debug && node build/Cli.js build ../tree-generator/ ../tree-generator/build --workspace ../.. --standard-packages ../СтандартныеПакеты --no-warnings && node ../tree-generator/build/launch.mjs ../compiler/source/treeinstall-globalnpm run prepare-for-publish && npm i -g .lint:checkeslint source testlint:fixeslint --fix source testprepare-for-publishnpm run bundle:release && node ./scripts/copy-compiler-dts.jstestnpm run before-build --prefix ../.. && node --experimental-vm-modules ../../node_modules/jest/bin/jest.jstest-clinode scripts/test-cli.js
Dependencies14
@babel/core7.27.3@babel/generator7.27.3@babel/parser7.27.3@babel/plugin-proposal-decorators7.28.0@babel/plugin-transform-class-properties7.27.1@babel/types7.27.3@vscode/l10n0.0.18jsonc-parser3.3.1reactronic^0.96.26029typescript5.9.3vscode-json-languageservice5.4.2vscode-languageserver9.0.1vscode-languageserver-textdocument1.0.11vscode-uri3.0.8