Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Weekly downloads
- 1,504Niche · −30% score
- Versions published
- 14
- First published
- May 2026
- Publisher
- dpantani
Effective trust discount applied: −30% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.
Recommended action
Looks clean — keep monitoringNo high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["@dpantani/[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["@dpantani/[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
Large Javascript Payload: 3854034 bytes
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk low · score 0 · status changed
Evidence
Static findings
2 static · 0 from release diff · showing high-signal first.
No high-signal findings — see all findings below.
Show all 2 findings (low-signal and informational)
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| low | Large Javascript Payload | package/dist/cli/agent.js | 3854034 bytes | 0 |
| low | Large Javascript Payload | package/dist/index.js | 3486433 bytes | 0 |
Manifest
Package metadata
Scripts43
agent:catalog:gentsx scripts/gen-agent-command-catalog.ts && biome check --write src/agentCommandCatalog.tsai-party:devtsx src/automation/aiPartyLive/cli.ts devai-party:drytsx src/automation/aiPartyLive/cli.ts dryai-party:llm-baselinetsx training/showintent/src/cli.ts baselineai-party:llm-evaltsx training/showintent/src/cli.ts evalai-party:llm-generate-datatsx training/showintent/src/cli.ts generate-dataai-party:llm-import-curatedtsx training/showintent/src/cli.ts import-curatedai-party:td-buildtsx src/automation/aiPartyLive/cli.ts td-buildai-party:telegramtsx src/automation/aiPartyLive/cli.ts telegramai-party:testnode scripts/run-vitest.mjs run tests/unit/aiPartyLive.test.ts tests/unit/showDirector.test.ts tests/unit/aiPartyGateway.test.ts tests/unit/aiPartyPoc.test.tsbuildtsc && tsup && node scripts/copy-assets.mjsbuild:mcpbnode scripts/build-dxt.mjscomplexity:jsnpm exec --offline -- eslint --no-error-on-unmatched-pattern "src/**/*.{js,mjs,cjs}" "scripts/**/*.{js,mjs,cjs}" "*.{js,mjs,cjs}"complexity:pyuvx ruff check td --select C901coverage:harnessnode scripts/coverage-harness.mjsdeps:checkdepcruise --config .dependency-cruiser.cjs srcdevtsx src/index.tsdocs:buildnpm run docs:gen && vitepress build docsdocs:clipsnode scripts/generate-doc-example-clips.mjsdocs:devnpm run docs:gen && vitepress dev docsdocs:gentsx scripts/gen-tool-docs.tsdocs:previewvitepress preview docsformatbiome format --write .import:bottobottsx scripts/import-bottobot-data.tslintbiome check .lint:fixbiome check --write .lint:pyuvx ruff check tdlint:py:fixuvx ruff check td --fix-onlylint:recipestsx scripts/lint-recipes.tsprepacknode scripts/clean-pycache.mjs- …and 13 more.
Dependencies4
@modelcontextprotocol/sdk^1.29.0gray-matter^4.0.3shader-park-core^0.2.8zod^4.4.3