PkgRadar

Package evidence

@harperfast/[email protected]

no findings

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Versions published
27
First published
Jan 2026
Publisher
harperdb_team

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@harperfast/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@harperfast/[email protected]"],"fail_on":"review"}'
Publisherharperdb_team
Artifact bytes171,632
Previous version2.0.0
Published2026-06-12T16:19:52.797Z
SHA-256b72213e5f37f474e3070afc539581c6c2fd6551404c24ef9a70713a70cf6362d

Why flagged

What the scanner saw

No high-signal static finding in the saved report.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low
Last checked
lowRisk
0Score
2.1.0Version
Status history (1 event)
  1. newavailable · risk low · score 0 · status changed

Evidence

Static findings

No findings stored for this release.

Manifest

Package metadata

Scripts23
  • benchcross-env CI=1 node --expose-gc ./node_modules/vitest/vitest.mjs bench --passWithNoTests --outputJson benchmark-results.json
  • bench:buncross-env CI=1 bun --bun bench
  • bench:denocross-env CI=1 deno run --allow-all --sloppy-imports ./node_modules/vitest/vitest.mjs bench
  • buildpnpm build:bundle && pnpm rebuild
  • build:bindingnode-gyp build
  • build:binding:debugnode-gyp build --coverage --debug --verbose
  • build:bundlenode scripts/clean-dist.mjs && tsdown -c tsdown.config.ts
  • build:bundle:minifycross-env MINIFY=1 pnpm build:bundle
  • checkpnpm type-check && pnpm lint && pnpm fmt:check
  • cleannode-gyp clean
  • coveragetsx scripts/coverage/main.ts
  • coverage:nativetsx scripts/native-test/coverage.mjs
  • fmtoxfmt
  • fmt:checkoxfmt --check
  • lintoxlint
  • rebuildnode-gyp rebuild
  • rebuild:debugnode-gyp rebuild --coverage --debug --verbose
  • testcross-env CI=1 node --expose-gc ./node_modules/vitest/vitest.mjs --reporter=verbose
  • test:buncross-env CI=1 bun --bun --config=bunfig.toml ./node_modules/vitest/vitest.mjs --reporter=verbose
  • test:denocross-env CI=1 deno run --allow-all --sloppy-imports --v8-flags=--expose-gc ./node_modules/vitest/vitest.mjs
  • test:nativetsx scripts/native-test/run.mjs
  • test:stresscross-env CI=1 node --expose-gc ./node_modules/vitest/vitest.mjs --reporter=verbose --config=vitest-stress.config.ts
  • type-checktsc --noEmit
Dependencies3
  • @harperfast/extended-iterable1.0.3
  • msgpackr2.0.4
  • ordered-binary1.6.1
Optional dependencies8
  • @harperfast/rocksdb-js-darwin-arm642.1.0
  • @harperfast/rocksdb-js-darwin-x642.1.0
  • @harperfast/rocksdb-js-linux-arm64-glibc2.1.0
  • @harperfast/rocksdb-js-linux-arm64-musl2.1.0
  • @harperfast/rocksdb-js-linux-x64-glibc2.1.0
  • @harperfast/rocksdb-js-linux-x64-musl2.1.0
  • @harperfast/rocksdb-js-win32-arm642.1.0
  • @harperfast/rocksdb-js-win32-x642.1.0