PkgRadar

Package evidence

@capcons/[email protected]

Obfuscation Density: high encoded/escaped-token density

Recommended action

Review before promoting

Mixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@capcons/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@capcons/[email protected]"],"fail_on":"review"}'
Publishercodingwonderer
Artifact bytes1,029,707
Previous version0.1.30
Published2026-05-24T03:16:39.505Z
SHA-256ae6489b7f78c865271814faa86d898241167bf6f82ce9c4db70385f8d7e771f2

Why flagged

What the scanner saw

Obfuscation Density: high encoded/escaped-token density

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

review
Last checked
reviewRisk
25Score
2.0.0Version
Status history (1 event)
  1. newavailable · risk review · score 25 · status changed

Evidence

Static findings

3 static · 0 from release diff · showing high-signal first.

SeverityKindPathDetailPoints
mediumObfuscation Densitypackage/dist/index-nqtcpfaq.jshigh encoded/escaped-token density12
mediumLarge Javascript Payloadpackage/dist/index-6wxqf9sk.js4219689 bytes10
Show all 3 findings (low-signal and informational)
SeverityKindPathDetailPoints
mediumObfuscation Densitypackage/dist/index-nqtcpfaq.jshigh encoded/escaped-token density12
mediumLarge Javascript Payloadpackage/dist/index-6wxqf9sk.js4219689 bytes10
lowObfuscationpackage/dist/index-nqtcpfaq.jsmatched "\\x1b"3

Manifest

Package metadata

Scripts9
  • buildbun run clean && bun build ./src/index.ts ./src/react.ts ./src/next.ts ./src/next-runtime.tsx ./src/next-config.ts ./src/runtime.ts ./src/server.ts ./src/client.ts ./src/context.ts ./src/editable.ts ./src/authoring.ts ./src/authoring-react.ts ./src/public-runtime.ts ./src/editor-preview.ts ./src/editor-preview-next.tsx ./src/auth.ts ./src/auth-next.ts ./src/auth-client.ts ./src/auth-session.ts ./src/api-proxy.ts ./src/compiler.ts ./src/cli.ts ./src/bin.ts --root ./src --entry-naming "[name].[ext]" --outdir ./dist --target node --format esm --splitting --external react --external react-dom --external next && bun ./scripts/copy-setup-screens.ts && bun run build:types
  • build:typesbunx tsc -p tsconfig.build.json && bun ./scripts/vendor-types.ts
  • cleanbun -e "import { rmSync } from 'node:fs'; rmSync('dist', { recursive: true, force: true });"
  • formatbunx eslint --fix .
  • lintbunx eslint . --max-warnings 0
  • prepackbun run build
  • publish:drybun publish --dry-run
  • releasebun publish --access public
  • typecheckbunx tsc --noEmit