PkgRadar

Package evidence

@digitalworld/[email protected]

Suspicious Publish Context: {"package_age_days":0,"publisher":"johnclear","burst_same_day":0,"burst_week":0,"lure":null,"version_anomaly":true,"new_account":true}

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Versions published
1
First published
Jun 2026
Publisher
johnclear

Recommended action

Review before promoting

Mixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@digitalworld/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@digitalworld/[email protected]"],"fail_on":"review"}'
Publisherjohnclear
Artifact bytes4,952,831
Previous versionnone
Published2026-06-19T20:05:50.643Z
SHA-256ba05aa6f4cfa41a8c12d6a18833fa55ba0f382c3bf22b8154fa1c66703d7b084

Why flagged

What the scanner saw

Suspicious Publish Context: {"package_age_days":0,"publisher":"johnclear","burst_same_day":0,"burst_week":0,"lure":null,"version_anomaly":true,"new_account":true}

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

review
Last checked
reviewRisk
10Score
16.0.0Version
Status history (1 event)
  1. newavailable · risk review · score 10 · status changed

Evidence

Static findings

1 static · 0 from release diff · showing high-signal first.

SeverityKindPathDetailPoints
mediumSuspicious Publish Contextmanifest{"package_age_days":0,"publisher":"johnclear","burst_same_day":0,"burst_week":0,"lure":null,"version_anomaly":true,"new_account":true}10

Manifest

Package metadata

Scripts35
  • _buildpnpm run clean && pnpm run build:lib:all && pnpm run build:types:all
  • _prettierprettier --ignore-path config/.prettierignore --write './src/**/*.ts' './test/**/*.{js,ts}'
  • buildcross-env NODE_ENV=development pnpm run _build
  • build:librollup -c
  • build:lib:allpnpm run build:lib && pnpm run build:lib:axios
  • build:lib:axioscross-env USE_AXIOS=true rollup -c
  • build:prodcross-env NODE_ENV=production pnpm run _build
  • build:typestsc -p tsconfig.json && mkdir -p lib/esm/base/generated && cp src/base/generated/*.d.ts lib/esm/base/generated/
  • build:types:allpnpm run build:types && pnpm run build:types:axios
  • build:types:axiostsc -p config/tsconfig.axios.json && mkdir -p lib/axios/esm/base/generated && cp src/base/generated/*.d.ts lib/axios/esm/base/generated/
  • cleanrm -rf lib/ dist/ coverage/ jsdoc/ test/e2e/.soroban
  • clean:bundle-sizerm -rf node_modules lib/ dist/ coverage/ jsdoc/ test/e2e/.soroban
  • docspnpm docs:reference && pnpm docs:llms && pnpm docs:robots && pnpm docs:htaccess && pnpm docs:site
  • docs:devastro dev
  • docs:htaccesstsx scripts/build-htaccess.ts
  • docs:llmstsx scripts/build-llms.ts
  • docs:previewastro preview
  • docs:referencetsx scripts/build-docs.ts
  • docs:robotstsx scripts/build-robots.ts
  • docs:siteastro build && tsx scripts/build-md-siblings.ts
  • download-sac-specnode scripts/download-sac-spec.js
  • fmtpnpm run _prettier && eslint src/ --fix
  • postbuild:libnode config/write-module-type.js lib/cjs commonjs
  • postbuild:lib:axiosnode config/write-module-type.js lib/axios/cjs commonjs
  • preversionpnpm run clean && pnpm run _prettier && pnpm run build:prod && pnpm run test
  • setupgit config blame.ignoreRevsFile .git-blame-ignore-revs
  • testpnpm run test:node && pnpm run test:node:axios && pnpm run test:integration && pnpm run test:browser
  • test:allpnpm run test:node && pnpm run test:node:axios && pnpm run test:integration && pnpm run test:browser && pnpm run test:e2e
  • test:browserpnpm run build:lib && vitest run --config config/vitest.config.browser.ts test/unit --coverage
  • test:browser:axiospnpm run build:lib:axios && cross-env TRANSPORT=axios vitest run --config config/vitest.config.browser.ts test/unit
  • …and 5 more.
Dependencies12
  • @noble/ed25519^3.1.0
  • @noble/hashes^2.2.0
  • @stellar/js-xdr4.0.0
  • axios1.16.1
  • base32.js^0.1.0
  • bignumber.js^11.1.1
  • buffer^6.0.3
  • commander^14.0.3
  • eventsource^4.1.0
  • feaxios^0.0.23
  • smol-toml^1.6.1
  • uint8array-extras^1.5.0