PkgRadar

Package evidence

@botcoinmoney/[email protected]

no findings

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Versions published
2
First published
Jun 2026
Publisher
botcoinmoney

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@botcoinmoney/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@botcoinmoney/[email protected]"],"fail_on":"review"}'
Publisherbotcoinmoney
Artifact bytes951,770
Previous version0.2.0
Published2026-06-16T02:31:28.466Z
SHA-25632c6793f45542d3194370a87ca5376ef168aa2f610e3a6789f97267385a0a1d5

Why flagged

What the scanner saw

No high-signal static finding in the saved report.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low
Last checked
lowRisk
0Score
0.7.1Version
Status history (1 event)
  1. newavailable · risk low · score 0 · status changed

Evidence

Static findings

No findings stored for this release.

Manifest

Package metadata

Scripts10
  • buildtsc -p tsconfig.json
  • cleanrm -rf dist tsconfig.tsbuildinfo
  • pack:checknpm pack --dry-run
  • prebuildnpm run clean
  • prepacknpm run build
  • sync:from-coretexnode tooling/sync-from-coretex.mjs
  • testnpm run test:unit
  • test:unitnode --test --test-concurrency=2 --test-reporter=spec ./test/unit/base-blockhash.test.mjs ./test/unit/bundle-base-rpc-config.test.mjs ./test/unit/bundle-client-version-policy.test.mjs ./test/unit/bundle-h1-h2-fields.test.mjs ./test/unit/bundle.test.mjs ./test/unit/canonical-json.test.mjs ./test/unit/codec.test.mjs ./test/unit/coretex-registry-replay.test.mjs ./test/unit/coordinator-contract.test.mjs ./test/unit/corpus-root-cache.test.mjs ./test/unit/corpus-serializer-roundtrip.test.mjs ./test/unit/epoch-rotation.test.mjs ./test/unit/eval-report-artifact.test.mjs ./test/unit/merkle.test.mjs ./test/unit/patch.test.mjs ./test/unit/qwen-prompt-template-golden.test.mjs ./test/unit/reducer.test.mjs ./test/unit/replay-cli.test.mjs ./test/unit/replay-v4.test.mjs ./test/unit/reranker-input-cap.test.mjs ./test/unit/reranker-length-bucketing-order.test.mjs ./test/unit/reranker-script-resolution.test.mjs ./test/unit/retrieval-decoder.test.mjs ./test/unit/rpc-fetch-target.test.mjs ./test/unit/seed-derivation-golden.test.mjs ./test/unit/seed-derivation.test.mjs ./test/unit/slot-policy.test.mjs ./test/unit/state-root-vectors.test.mjs ./test/unit/validate.test.mjs ./test/unit/client-package-fresh-install.test.mjs ./test/unit/client-reranker-fail-closed.test.mjs ./test/unit/client-runtime.test.mjs ./test/unit/client-setup-cli.test.mjs ./test/unit/client-sync-atomicity.test.mjs ./test/unit/client-sync-backlog-drain.test.mjs ./test/unit/client-sync-corpus-autoresolve.test.mjs ./test/unit/client-sync-defaults.test.mjs ./test/unit/client-sync-hardening.test.mjs ./test/unit/client-sync.test.mjs ./test/unit/launch-recovery-pin.test.mjs ./test/unit/workers.test.mjs
  • typechecktsc -p tsconfig.json --noEmit
  • version:checknode scripts/check-release-version.mjs
Optional dependencies1
  • @huggingface/transformers^4.1.0