Package evidence
@ganakailabs/[email protected]
Obfuscation Density: high encoded/escaped-token density
Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Weekly downloads
- 1,925Niche · −30% score
- Versions published
- 30
- First published
- May 2026
- Publisher
- GitHub ActionsTrusted automation · −70% score
Effective trust discount applied: −70% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.
Recommended action
Review before promotingMixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["@ganakailabs/[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["@ganakailabs/[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
Obfuscation Density: high encoded/escaped-token density
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk review · score 5 · status changed
Evidence
Static findings
2 static · 0 from release diff · showing high-signal first.
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| medium | Obfuscation Density | package/dist/chunk-MNNLTARP.js | high encoded/escaped-token density | 12 |
Show all 2 findings (low-signal and informational)
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| medium | Obfuscation Density | package/dist/chunk-MNNLTARP.js | high encoded/escaped-token density | 12 |
| low | Credential file access | package/dist/cli.js | matched ".azure" | 5 |
Manifest
Package metadata
Scripts19
buildpnpm -C ../shared build && pnpm -C ../core build && tsupbuild:executablepnpm build:executable-bundle && pnpm exec pkg dist/cli.executable.js --targets node18-macos-x64,node18-macos-arm64,node18-linux-x64,node18-linux-arm64,node18-win-x64 --output dist/bin/cloudeval && node scripts/alias-executables.jsbuild:executable-bundletsup --config tsup.executable.config.tsbuild:executable:bunpnpm -C ../shared build && pnpm -C ../core build && node scripts/patch-yoga-wasm.js && node scripts/prepare-yoga-wasm.js && bun build src/cli.tsx --compile --outfile dist/bin/cloudeval && cp yoga.wasm dist/bin/yoga.wasm && rm -f yoga.wasmbuild:executable:currentpnpm -C ../shared build && pnpm -C ../core build && node scripts/patch-yoga-wasm.js && YOGA_WASM=$(node scripts/prepare-yoga-wasm.js) && bun build src/cli.tsx --compile --outfile dist/bin/cloudeval && cp "$YOGA_WASM" dist/bin/yoga.wasm && rm -f "$YOGA_WASM" && node scripts/alias-executables.jsbuild:executable:nccpnpm build && pnpm exec ncc build dist/cli.js -o dist/ncc -m && pnpm exec pkg dist/ncc/index.js --targets node18-macos-arm64 --output-path dist/binbuild:standalonetsup --minifybundlepnpm build:standalone && pnpm pack --pack-destination ./distdevtsx src/cli.tsxdocker:builddocker build -t cloudeval-cli -f Dockerfile ../../docker:rundocker run -it --rm cloudeval-clilintpnpm -C ../shared build && pnpm -C ../core build && tsc --noEmit -p tsconfig.jsonpostpacknode ../../scripts/cleanup-npm-package.mjsprepacknode ../../scripts/prepare-npm-package.mjsrunnode dist/cli.jstestpnpm -C ../shared build && pnpm -C ../core build && tsx --test src/askProgress.test.ts src/hitlPrompt.test.ts src/baseUrl.test.ts src/frontendLinks.test.ts src/outputFormatter.test.ts src/localHooks.test.ts src/telemetry.test.ts src/cliConfig.test.ts src/projectDiagramImage.test.ts src/loginOnboardingMode.test.ts src/runtime/prepareInk.test.ts src/ui/animationPolicy.test.ts src/ui/appHeaderDetails.test.ts src/ui/bannerDetails.test.ts src/ui/noticeTone.test.ts src/ui/components/Banner.test.ts src/ui/components/InputBox.test.ts src/ui/components/Spinner.test.ts src/ui/components/Transcript.test.ts src/ui/artifactChips.test.ts src/ui/citationContent.test.ts src/ui/chatResponseActions.test.ts src/ui/billingSummary.test.ts src/ui/workspaceEntityDetails.test.ts src/ui/inputSanitizer.test.ts src/ui/inputViewport.test.ts src/ui/keyBindings.test.ts src/ui/layout.test.ts src/ui/scrollBehavior.test.ts src/ui/promptSuggestions.test.ts src/ui/commandCompletion.test.ts src/ui/interactionModel.test.ts src/ui/sessionThreads.test.ts src/ui/userDisplayName.test.ts src/ui/workspaceSelection.test.ts src/ui/workspaceTabs.test.ts src/ui/workspaceDataStore.test.ts src/ui/overviewDashboard.test.ts src/ui/reportsDashboard.test.ts src/completionEngine.test.ts src/shellCompletion.test.ts src/updateCommand.test.ts src/uninstallCommand.test.ts src/mcpSetupCommand.test.ts src/mcpCommand.test.ts src/sessionsStore.test.ts src/recipes/catalog.test.ts src/skills/catalog.test.ts src/reports/reportRender.test.ts src/reports/reportCommand.test.tstest:cli:noninteractivepnpm -C ../shared build && pnpm -C ../core build && tsx --test src/nonInteractiveCli.test.tstest:cli:noninteractive:livepnpm build:executable:current && CLOUDEVAL_CLI_BIN=./dist/bin/cloudeval tsx --test src/liveNonInteractiveCli.test.tstest:cli:noninteractive:packagedpnpm build:executable:current && CLOUDEVAL_CLI_BIN=./dist/bin/cloudeval pnpm test:cli:noninteractive
Dependencies14
applicationinsights^3.15.0asciichart^1.5.25cli-highlight^2.1.11commander^12.1.0ink^4.4.1ink-scroll-view^0.3.6ink-spinner^4.0.0ink-syntax-highlight^2.0.2ink-text-input^5.0.1marked^17.0.1marked-terminal^7.3.0react^18.3.1react-devtools-core^4.28.5sql.js^1.14.1