PkgRadar

Package evidence

@holoscript/[email protected]

no findings

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads
6
Versions published
5
First published
Apr 2026
Publisher
brianonbased

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@holoscript/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@holoscript/[email protected]"],"fail_on":"review"}'
Publisherbrianonbased
Artifact bytes261,831
Previous version6.1.1
Published2026-05-31T06:29:46.639Z
SHA-256ec5adc4fcc18525e4ec704e3bfcc4af9cb20ff547a2284f6c725655008ec0442

Why flagged

What the scanner saw

No high-signal static finding in the saved report.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low
Last checked
lowRisk
0Score
6.1.2Version
Status history (1 event)
  1. newavailable · risk low · score 0 · status changed

Evidence

Static findings

No findings stored for this release.

Manifest

Package metadata

Scripts5
  • buildtsup
  • devtsup --watch
  • testnode --max-old-space-size=16384 run-vitest.mjs
  • test:coveragenode --max-old-space-size=16384 run-vitest.mjs --coverage
  • test:watchvitest
Dependencies5
  • @holoscript/agent-protocol^6.1.0
  • @holoscript/core-types^6.1.0
  • jose^6.2.2
  • jsonwebtoken^9.0.2
  • zod^4.3.6
Optional dependencies55
  • @gltf-transform/core^3.7.0
  • @gltf-transform/extensions^3.7.0
  • @gltf-transform/functions^3.7.0
  • @holoscript/alphafold-plugin^2.0.0
  • @holoscript/domain-plugin-template^0.0.1-template
  • @holoscript/medical-plugin^2.0.0
  • @holoscript/narupa-plugin^2.0.0
  • @holoscript/plugin-banking-finance^2.0.0
  • @holoscript/plugin-civil-engineering^2.0.0
  • @holoscript/plugin-culture-keyword^2.0.0
  • @holoscript/plugin-economic-primitives^2.0.0
  • @holoscript/plugin-education-lms^2.0.0
  • @holoscript/plugin-emergency-response^2.0.0
  • @holoscript/plugin-fashion^2.0.0
  • @holoscript/plugin-film-vfx^2.0.0
  • @holoscript/plugin-film3d-volumetrics^2.0.1
  • @holoscript/plugin-fitness-wellness^2.0.0
  • @holoscript/plugin-forensics^2.0.0
  • @holoscript/plugin-geolocation-gis^2.0.0
  • @holoscript/plugin-hardware-invention^2.0.0
  • @holoscript/plugin-hr-workforce^2.0.0
  • @holoscript/plugin-insurance^2.0.0
  • @holoscript/plugin-legal-document^2.0.0
  • @holoscript/plugin-manufacturing-qc^2.0.0
  • @holoscript/plugin-neuroscience^2.0.0
  • @holoscript/plugin-restaurant^2.0.0
  • @holoscript/plugin-retail-ecommerce^2.0.0
  • @holoscript/plugin-therapy^2.0.0
  • @holoscript/plugin-threat-intelligence^2.0.0
  • @holoscript/plugin-trait-audit^2.0.0
  • …and 25 more.