PkgRadar

Package evidence

@drewling/[email protected]

no findings

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads
501
Versions published
5
First published
Apr 2026
Publisher
tayoonabule

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@drewling/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@drewling/[email protected]"],"fail_on":"review"}'
Publishertayoonabule
Artifact bytes150,851
Previous version0.7.0
Published2026-06-08T22:14:10.759Z
SHA-2563d38b4f902d1d42aecf633ff1ee1daed52d50f6ea58051126ccbbea9bfc38a14

Why flagged

What the scanner saw

No high-signal static finding in the saved report.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low
Last checked
lowRisk
0Score
0.7.1Version
Status history (1 event)
  1. newavailable · risk low · score 0 · status changed

Evidence

Static findings

No findings stored for this release.

Manifest

Package metadata

Scripts12
  • buildtsc && shx chmod 755 build/index.js
  • check:specnode scripts/check-spec-drift.js
  • devtsc --watch
  • fetch:specnode -e "const u=process.env.TWENTY_API_URL,k=process.env.TWENTY_API_KEY;if(!u||!k){console.error('Set TWENTY_API_URL and TWENTY_API_KEY');process.exit(1)}fetch(u.replace(/\/$/,'')+'/open-api/core',{headers:{Authorization:'Bearer '+k}}).then(r=>r.ok?r.text():Promise.reject(r.status)).then(t=>{require('fs').writeFileSync('openapi/twenty-core.json',t);console.log('Saved openapi/twenty-core.json')})"
  • fetch:spec:metadatanode -e "const u=process.env.TWENTY_API_URL,k=process.env.TWENTY_API_KEY;if(!u||!k){console.error('Set TWENTY_API_URL and TWENTY_API_KEY');process.exit(1)}fetch(u.replace(/\/$/,'')+'/open-api/metadata',{headers:{Authorization:'Bearer '+k}}).then(r=>r.ok?r.text():Promise.reject(r.status)).then(t=>{require('fs').writeFileSync('openapi/twenty-metadata.json',t);console.log('Saved openapi/twenty-metadata.json')})"
  • fetch:specsnpm run fetch:spec && npm run fetch:spec:metadata
  • prestartnpm run build
  • regenopenapi-mcp-generator --input openapi/twenty-core.json --output . --server-name twenty-mcp --server-version 0.2.0 --transport stdio --force
  • regen:metadatanode scripts/gen-metadata-tools.js
  • startnode build/index.js
  • testvitest run
  • typechecktsc --noEmit
Dependencies6
  • @modelcontextprotocol/sdk^1.10.0
  • axios^1.9.0
  • dotenv^16.4.5
  • json-schema-to-zod^2.6.1
  • pino^10.3.1
  • zod^3.24.3