PkgRadar

Package evidence

@certd/[email protected]

no findings

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads
1,321Niche · −30% score
Versions published
227Mature · −50% score
First published
Dec 2020
Publisher
greper

Effective trust discount applied: 50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@certd/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@certd/[email protected]"],"fail_on":"review"}'
Publishergreper
Artifact bytes44,181
Previous version1.41.3
Published2026-06-14T13:30:40.861Z
SHA-2566e14f22b7bf0b802bbb62529a7d3c669338e5397c5add7b0dfef6778b3724669

Why flagged

What the scanner saw

No high-signal static finding in the saved report.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low
Last checked
lowRisk
0Score
1.41.4Version
Status history (1 event)
  1. newavailable · risk low · score 0 · status changed

Evidence

Static findings

No findings stored for this release.

Manifest

Package metadata

Scripts11
  • before-buildnode -e "const fs=require('fs');fs.rmSync('dist',{recursive:true,force:true});fs.rmSync('tsconfig.tsbuildinfo',{force:true});"
  • before-test:unitnode -e "const fs=require('fs');fs.rmSync('dist-test',{recursive:true,force:true});fs.rmSync('tsconfig.test.tsbuildinfo',{force:true});"
  • buildnpm run before-build && tsc -p tsconfig.build.json --skipLibCheck
  • build-docsjsdoc2md dist/client.js > docs/client.md && jsdoc2md dist/crypto/index.js > docs/crypto.md && jsdoc2md dist/crypto/forge.js > docs/forge.md
  • compiletsc --skipLibCheck --watch
  • linteslint "src/**/*.ts" "types/**/*.ts"
  • lint-typestsd --files "types/index.test-d.ts"
  • prepublishOnlynpm run build && npm run build-docs
  • pubnpm publish
  • testmocha -t 60000 "test/setup.js" "test/**/*.spec.js"
  • test:unitcross-env NODE_ENV=unittest npm run before-test:unit && cross-env NODE_ENV=unittest tsc -p tsconfig.test.json --skipLibCheck && cross-env NODE_ENV=unittest mocha -t 60000 "dist-test/**/*.test.js"
Dependencies10
  • @certd/basic^1.41.4
  • @peculiar/x509^1.11.0
  • asn1js^3.0.5
  • axios^1.9.0
  • debug^4.3.5
  • http-proxy-agent^7.0.2
  • https-proxy-agent^7.0.5
  • lodash-es^4.17.21
  • node-forge^1.3.1
  • punycode.js^2.3.1