PkgRadar

Package evidence

@exellix/[email protected]

no findings

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads
2,561Niche · −30% score
Versions published
40
First published
May 2026
Publisher
exellix

Effective trust discount applied: 30% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@exellix/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@exellix/[email protected]"],"fail_on":"review"}'
Publisherexellix
Artifact bytes196,407
Previous version4.8.1
Published2026-06-12T22:29:16.290Z
SHA-256adc463ed881e2e1cb5a88bfc6709e492a6b220a84511eacb9f78d016b7480721

Why flagged

What the scanner saw

No high-signal static finding in the saved report.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low
Last checked
lowRisk
0Score
4.8.2Version
Status history (1 event)
  1. newavailable · risk low · score 0 · status changed

Evidence

Static findings

No findings stored for this release.

Manifest

Package metadata

Scripts43
  • buildtsc
  • cleanrimraf dist
  • prepacknpm run build
  • seed:catalox-action-catalogstsx scripts/seed-catalox-xynthesis-action-catalogs.ts
  • testnpm run validate:models && npm run validate:catalox-catalog && npm run validate:catalox-seed-output-intent && npm run test:token-budget && npm run test:output-intent && npm run test:synthesized-context-prestep && npm run test:finalize && npm run test:runtime-objects && npm run test:activix-telemetry && npm run test:activix-isolation && npm run test:activix-diagnostics-owner && npm run test:resolve-ai-profile-model && npm run test:prefer-openrouter-policy && npm run test:funcx-prefer-openrouter-policy && npm run test:funcx-model-wire && npm run test:funcx-catalog-gate && npm run test:funcx-billing && npm run test:resolve-invoke-billing && npm run test:funcx-activix-disabled && npm run test:sidekick-gateway && npm run test:verbose-logging && npm run test:build-sidekick-input && npm run test:ai-actions-export && npm run test:invoke-params && npm run test:max-token-retry && npm run test:execution-strategy-actions && npm run test:funcx-prompt-parity && npm run test:sidekick-funcx-catalog-map
  • test:activix-diagnostics-ownertsx test/activixDiagnosticsOwner.unit.ts
  • test:activix-isolationtsx test/executeXynthesisAction.activixIsolation.test.ts
  • test:activix-telemetrytsx test/activixTelemetry.unit.ts
  • test:ai-actions-exporttsx test/aiActionsExport.unit.ts
  • test:build-sidekick-inputtsx test/buildSidekickInputFromTemplateContext.unit.ts
  • test:catalox-firestoretsx scripts/test-catalox-firestore-connection.ts
  • test:client-envelopetsx test/clientEnvelopeIntegration.ts
  • test:client-envelope:livenpm run test:client-envelope
  • test:execution-strategy-actionstsx test/executionStrategyActions.unit.ts
  • test:finalizetsx test/finalize.unit.ts
  • test:finalize:livetsx test/finalize.live.ts
  • test:funcx-activix-disabledtsx test/funcxActivixDisabled.unit.ts
  • test:funcx-billingtsx test/funcxInvoker.billing.unit.ts
  • test:funcx-catalog-gatetsx test/funcxInvoker.catalogGate.unit.ts
  • test:funcx-model-wiretsx test/funcxInvoker.modelWire.unit.ts
  • test:funcx-prefer-openrouter-policytsx test/funcxPreferOpenRouterPolicy.unit.ts
  • test:funcx-prompt-paritytsx test/sidekickFuncxPromptParity.unit.ts
  • test:integrationnpm run test && npm run test:live && npm run test:client-envelope && npm run test:finalize:live
  • test:invoke-paramstsx test/executeXynthesisAction.invokeParams.unit.ts
  • test:livetsx test/live.ts
  • test:max-token-retrytsx test/executeXynthesisAction.maxTokenRetry.unit.ts
  • test:output-intenttsx test/outputIntent.unit.ts
  • test:prefer-openrouter-policytsx test/preferOpenRouterPolicy.unit.ts
  • test:resolve-ai-profile-modeltsx test/resolveAiProfileModel.unit.ts
  • test:resolve-invoke-billingtsx test/resolveInvokeBilling.unit.ts
  • …and 13 more.
Dependencies11
  • @x12i/activix^8.6.3
  • @x12i/ai-profiles^3.4.0
  • @x12i/catalox^5.2.0
  • @x12i/env^4.0.1
  • @x12i/funcx^4.9.13
  • @x12i/logxer^4.6.0
  • @x12i/optimixer^3.5.2
  • @x12i/rendrix^4.3.0
  • ajv^8.17.1
  • flex-md^4.7.4
  • ts-node^10.9.2