PkgRadar

Package evidence

@farmfe/[email protected]

no findings

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads
6,429Niche · −30% score
Versions published
280Mature · −50% score
First published
Feb 2023
Publisher
wre232114

Effective trust discount applied: 50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@farmfe/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@farmfe/[email protected]"],"fail_on":"review"}'
Publisherwre232114
Artifact bytes556,277
Previous version2.0.0-beta.9
Published2025-11-25T12:01:16.639Z
SHA-2569483905a4134c53fbde585b7a4c45877231a9edddd3a93ff2360f539e8da61b0

Why flagged

What the scanner saw

No high-signal static finding in the saved report.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low
Last checked
lowRisk
0Score
2.0.0-beta.10Version
Status history (2 events)
  1. availableavailable · risk low · score 0 · status available -> available, risk high -> low, score 15 -> 0
  2. newavailable · risk high · score 15 · status changed

Evidence

Static findings

No findings stored for this release.

Manifest

Package metadata

Scripts12
  • artifactsnapi artifacts
  • buildtsc -p tsconfig.build.json && npm run build:cjs
  • build:cjsnode scripts/build-cjs.mjs
  • build:rsnpm run build:rs:debug -- --release
  • build:rs:debugnapi build --platform -p farmfe_node --manifest-path ../../crates/node/Cargo.toml -o binding --js binding.cjs --dts binding.d.ts
  • build:rs:profilecross-env FARM_PROFILE=1 npm run build:rs -- --features profile
  • build:rs:publishnpm run build:rs:debug -- --profile release-publish
  • cleanrimraf dist tsconfig.build.tsbuildinfo
  • napi:versionnapi version
  • starttsc -w -p tsconfig.build.json
  • start:debugtsc -w -p tsconfig.build.json
  • type-checktsc -p tsconfig.build.json
Dependencies26
  • @farmfe/plugin-replace-dirname2.0.0-beta.0
  • @farmfe/runtime2.0.0-beta.0
  • @farmfe/runtime-plugin-hmr4.0.0-beta.2
  • @farmfe/runtime-plugin-import-meta2.0.0-beta.0
  • @farmfe/utils2.0.0-beta.1
  • @polka/compression1.0.0-next.25
  • @swc/helpers0.5.17
  • chokidar^3.5.3
  • connect^3.7.0
  • cors^2.8.5
  • debug^4.3.5
  • deepmerge^4.3.1
  • dotenv^16.4.5
  • dotenv-expand^11.0.6
  • etag^1.8.1
  • execa8.0.0
  • fast-glob^3.3.2
  • fs-extra^11.1.1
  • http-proxy^1.18.1
  • is-plain-object^5.0.0
  • mime^4.0.4
  • open10.1.0
  • sirv^3.0.0
  • ws^8.14.2
  • zod^3.23.8
  • zod-validation-error^1.3.0
Optional dependencies9
  • @farmfe/core-darwin-arm642.0.0-beta.10
  • @farmfe/core-darwin-x642.0.0-beta.10
  • @farmfe/core-linux-arm64-gnu2.0.0-beta.10
  • @farmfe/core-linux-arm64-musl2.0.0-beta.10
  • @farmfe/core-linux-x64-gnu2.0.0-beta.10
  • @farmfe/core-linux-x64-musl2.0.0-beta.10
  • @farmfe/core-win32-arm64-msvc2.0.0-beta.10
  • @farmfe/core-win32-ia32-msvc2.0.0-beta.10
  • @farmfe/core-win32-x64-msvc2.0.0-beta.10