Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Weekly downloads
- 2,177Niche · −30% score
- Versions published
- 50
- First published
- May 2026
- Publisher
- exellix
Effective trust discount applied: −30% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.
Recommended action
Looks clean — keep monitoringNo high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["@exellix/[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["@exellix/[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
No high-signal static finding in the saved report.
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk low · score 0 · status changed
Evidence
Static findings
No findings stored for this release.
Manifest
Package metadata
Scripts11
buildtsccheck:no-legacynode scripts/check-no-legacy.mjslinteslint src testkit --ext .tsprebuildnode scripts/clean-dist.mjsprepublishOnlynpm run buildrun:pre-synthesisnpm run build && node --env-file=.env scripts/run-pre-synthesis-graph.mjstestnpm run build && npm run check:no-legacy && tsx --test --test-force-exit --test-timeout=180000 --test-concurrency=2 tests/model-alias-canonical.test.ts tests/model-alias-execute.test.ts tests/model-alias-strategy.test.ts tests/model-alias-subnets.test.ts tests/ai-tasks-error-propagation.test.ts tests/reports-fixtures-pre-synthesis.test.ts tests/passthrough-parity.test.ts tests/step-retry-llm-call.test.ts tests/run-log-diagnostics.test.tstest:fullnpm run build && npm run check:no-legacy && tsx --test --test-force-exit --test-timeout=180000 --test-concurrency=2 tests/graph-engine.test.ts tests/passthrough-parity.test.ts tests/task-node-run-task-preflight.test.ts tests/reports-fixtures-pre-synthesis.test.ts tests/model-alias-canonical.test.ts tests/model-alias-execute.test.ts tests/model-alias-strategy.test.ts tests/model-alias-subnets.test.ts tests/compile-host-patches.test.ts tests/reference-fixtures-compile.test.ts tests/step-retry-llm-call.test.tstest:livenpm run run:pre-synthesistest:subnets-graph-fixturenpm run build && node --test tests/subnets-graph.fixture.test.mjstest:subnets-graph-livenpm run build && node --env-file=.env --test tests/subnets-graph.live.test.mjs
Dependencies22
@exellix/ai-skills^6.9.1@exellix/ai-tasks^9.1.1@x12i/activix^8.6.3@x12i/catalox^5.2.0@x12i/env^4.0.1@x12i/funcx^4.9.13@x12i/graphenix^2.5.0@x12i/graphenix-authoring-format^2.0.1@x12i/graphenix-core^2.0.1@x12i/graphenix-executable-contracts^2.0.1@x12i/graphenix-executable-format^2.2.1@x12i/graphenix-execute-envelope^2.0.0@x12i/graphenix-format^2.0.0@x12i/graphenix-plan-compiler^2.0.1@x12i/graphenix-plan-format^2.0.1@x12i/graphenix-trace-format^2.0.1@x12i/logxer^4.6.0@x12i/memorix-descriptors^1.6.0@x12i/memorix-retrieval^1.11.2@x12i/memorix-writer^1.0.0@x12i/rendrix^4.3.0@x12i/runx^1.3.2