PkgRadar

Package evidence

@gusto/[email protected]

no findings

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Versions published
2
First published
May 2026
Publisher
gusto-devops

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@gusto/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@gusto/[email protected]"],"fail_on":"review"}'
Publishergusto-devops
Artifact bytes1,006,123
Previous versionnone
Published2026-05-29T00:02:54.435Z
SHA-2565db7e954846cf7c9c47cf648fc90dfaeac93ba7899f3cb9bdce5e73410d21dfd

Why flagged

What the scanner saw

No high-signal static finding in the saved report.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low
Last checked
lowRisk
0Score
0.1.0Version
Status history (1 event)
  1. newavailable · risk low · score 0 · status changed

Evidence

Static findings

No findings stored for this release.

Manifest

Package metadata

Scripts41
  • baerlynode dist/baerly.js
  • bench:loadnode --import ./bench/register-hooks.mjs bench/load-harness/cli.ts
  • bench:load:matrixnode --import ./bench/register-hooks.mjs bench/load-harness/matrix.ts
  • bench:load:minioMINIO=1 node --import ./bench/register-hooks.mjs bench/load-harness/cli.ts --variant=node-minio
  • bench:lsn-reverse-walknode --import ./bench/register-hooks.mjs bench/lsn-reverse-walk.ts
  • bench:r2node --import ./bench/register-hooks.mjs bench/r2-contention.ts
  • bench:r2:interpretnode --import ./bench/register-hooks.mjs bench/r2-contention-interpret.ts
  • bench:r2:matrixnode --import ./bench/register-hooks.mjs bench/r2-contention-matrix.ts
  • buildrolldown -c && pnpm -r --filter "./packages/*" build
  • bundle-sizesnode scripts/bundle-sizes.mjs
  • dev:storagedocker compose up -d --wait
  • dev:storage:stopdocker compose down
  • dlx:bust-cachenode scripts/dlx-bust-cache.mjs
  • formatoxfmt tests packages
  • format:checkoxfmt --check tests packages
  • gate:day-onevitest run --project=default tests/integration/day-one-handshake.test.ts
  • lintoxlint tests packages
  • pretestpnpm run build
  • testvitest run --project=default
  • test:adapter-cloudflareADAPTER_CLOUDFLARE=1 vitest run --project=cloudflare-pool
  • test:adapter-nodeMINIO=1 vitest run --project=default packages/adapter-node
  • test:adapterspnpm test:adapter-cloudflare && pnpm test:adapter-node
  • test:agentvitest run --project=default --reporter=minimal --silent=passed-only
  • test:conformanceCONFORMANCE=1 MINIO=1 vitest run --project=default tests/integration/conformance.test.ts
  • test:coveragevitest run --project=default --coverage
  • test:export-round-tripvitest run --project=default tests/integration/export-round-trip.test.ts
  • test:export-smokeEXPORT_SMOKE=1 vitest run --project=default tests/integration/export-smoke.test.ts
  • test:fuzz-phase5FC_NUM_RUNS=10000 vitest run --project=default tests/integration/phase5-crash-fuzz.test.ts
  • test:http-conformancevitest run --project=default tests/integration/http-conformance.test.ts
  • test:manual-e2evitest run --project=default manual-e2e/cloudflare/e2e.test.ts manual-e2e/node/e2e.test.ts
  • …and 11 more.
Dependencies1
  • @logtape/logtape2.1.1