PkgRadar

Package evidence

@briggsd/[email protected]

Suspicious Publish Context: {"package_age_days":0,"publisher":"briggsd","burst_same_day":1,"burst_week":1,"lure":null,"version_anomaly":false,"new_account":true}

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Versions published
2
First published
Jun 2026
Publisher
briggsd

Recommended action

Review before promoting

Mixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@briggsd/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@briggsd/[email protected]"],"fail_on":"review"}'
Publisherbriggsd
Artifact bytes351,936
Previous versionnone
Published2026-06-20T12:16:01.277Z
SHA-256d6371fd5ae81a306fcd5d4ce7498931ab29b3ff009a41a6a42a7f09955f149d7

Why flagged

What the scanner saw

Suspicious Publish Context: {"package_age_days":0,"publisher":"briggsd","burst_same_day":1,"burst_week":1,"lure":null,"version_anomaly":false,"new_account":true}

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

review
Last checked
reviewRisk
10Score
0.3.0Version
Status history (1 event)
  1. newavailable · risk review · score 10 · status changed

Evidence

Static findings

1 static · 0 from release diff · showing high-signal first.

SeverityKindPathDetailPoints
mediumSuspicious Publish Contextmanifest{"package_age_days":0,"publisher":"briggsd","burst_same_day":1,"burst_week":1,"lure":null,"version_anomaly":false,"new_account":true}10

Manifest

Package metadata

Scripts30
  • boundariesdepcruise src --config .dependency-cruiser.cjs
  • checkbunx tsc --noEmit && bun test
  • compile:smokebun run scripts/compile-smoke.ts
  • complexity:checkbun run scripts/check-complexity.ts
  • complexity:updatebun run scripts/check-complexity.ts --update
  • docs:checkbun run scripts/check-docs.ts
  • docs:stalebun run scripts/check-docs.ts --mode=advisory
  • dupjscpd src
  • evalsbun run scripts/evals.ts
  • gatebun run check && bun run boundaries && bun run lint && bun run docs:check && bun run complexity:check && bun run workflows:check && bun run knip
  • knipknip
  • lintbiome check .
  • lint:fixbiome check --write .
  • pack:compilebun run scripts/package-compile.ts
  • pack:smokebun run scripts/package-smoke.ts
  • review:localbun run src/cli.ts run --git-diff
  • schema:configbun run scripts/write-config-schema.ts
  • smoke:action-wrapperbun run scripts/action-wrapper-smoke.ts
  • smoke:external-packagebun run scripts/external-package-smoke.ts
  • smoke:gitlabbun run scripts/gitlab-live-smoke.ts
  • smoke:pibun run scripts/pi-live-smoke.ts
  • spike:structured-outputbun run scripts/structured-output-spike.ts
  • startbun run src/cli.ts
  • telemetry:analyzebun run scripts/telemetry-analyze.ts
  • telemetry:backfill-lokibun run scripts/telemetry-backfill-loki.ts
  • telemetry:ingestbun run scripts/telemetry-ingest.ts
  • telemetry:qualitybun run scripts/telemetry-quality-report.ts
  • telemetry:rollupbun run scripts/telemetry-rollup.ts
  • testbun test
  • workflows:checkbun run scripts/check-workflows.ts