PkgRadar

Package evidence

@devvit/[email protected]

no findings

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Versions published
3,781Mature · −50% score
First published
Oct 2022
Publisher
colacadstink

Effective trust discount applied: 50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@devvit/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@devvit/[email protected]"],"fail_on":"review"}'
Publishercolacadstink
Artifact bytes150,488
Previous version0.13.5-next-2026-06-16-20-30-01-fa0b86e10.0
Published2026-06-16T23:26:08.846Z
SHA-256820da483c5a98be1c1f49fec604783543be03c4a03e9330df13d63c3d6d8637e

Why flagged

What the scanner saw

No high-signal static finding in the saved report.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low
Last checked
lowRisk
0Score
0.13.5-next-2026-06-16-23-25-19-09e673f20.0Version
Status history (1 event)
  1. newavailable · risk low · score 0 · status changed

Evidence

Static findings

No findings stored for this release.

Manifest

Package metadata

Scripts14
  • buildrm -rf dist oclif.manifest.json && tsc
  • cleanrm -rf .turbo coverage dist docs.json oclif.manifest.json
  • clobberyarn clean && rm -rf node_modules
  • install:dev./scripts/install.sh
  • lintredlint .
  • lint:fixyarn lint --fix
  • postpackrm -f oclif.manifest.json
  • prepackyarn build && oclif manifest
  • testconcurrently -n 'unit,types,lint,oclif' 'yarn test:unit' 'yarn test:types' 'yarn test:lint' 'yarn test:oclif'
  • test:lintyarn lint
  • test:oclifoclif manifest
  • test:typestsc --noEmit
  • test:unitvitest run
  • test:unit-with-coveragevitest run --coverage
Dependencies36
  • @devvit/build-pack0.13.5-next-2026-06-16-23-25-19-09e673f20.0
  • @devvit/builders0.13.5-next-2026-06-16-23-25-19-09e673f20.0
  • @devvit/linkers0.13.5-next-2026-06-16-23-25-19-09e673f20.0
  • @devvit/protos0.13.5-next-2026-06-16-23-25-19-09e673f20.0
  • @devvit/public-api0.13.5-next-2026-06-16-23-25-19-09e673f20.0
  • @devvit/shared-types0.13.5-next-2026-06-16-23-25-19-09e673f20.0
  • @improbable-eng/grpc-web0.15.0
  • @improbable-eng/grpc-web-node-http-transport0.15.0
  • @oclif/core2.9.4
  • @oclif/plugin-autocomplete2.3.3
  • @oclif/plugin-help5.2.14
  • @oclif/plugin-not-found2.3.34
  • @oclif/plugin-warn-if-update-available2.0.45
  • @types/ws8.5.12
  • chalk4.1.2
  • chokidar3.5.3
  • date-fns2.29.3
  • dotenv16.5.0
  • execa9.6.1
  • file-type21.3.2
  • ignore7.0.5
  • image-size2.0.2
  • inquirer9.1.4
  • isomorphic-git1.33.1
  • js-yaml4.1.1
  • jsdom24.1.0
  • jszip3.10.1
  • mime-types3.0.2
  • mustache4.2.0
  • open10.1.0
  • …and 6 more.