Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Weekly downloads
- 21,487Mainstream · −50% score
- Versions published
- 496Mature · −50% score
- First published
- Jan 2021
- Publisher
- chiragchadha
Effective trust discount applied: −50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.
Recommended action
Looks clean — keep monitoringNo high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["@hubspot/[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["@hubspot/[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
No high-signal static finding in the saved report.
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk low · score 0 · status changed
Evidence
Static findings
No findings stored for this release.
Manifest
Package metadata
Scripts25
buildtsx ./scripts/build.tsbuild-dockerdocker image build --tag hs-cli-image . && docker image prune -fcircular-depsyarn madge --circular .debug-mcpyarn build && npx --yes @modelcontextprotocol/inspector node dist/mcp-server/server.jshsyarn build && node ./dist/bin/hshs-debugyarn build && NODE_DEBUG=http* node --inspect-brk ./dist/bin/hshs-proxyyarn build && HTTPS_PROXY=http://localhost:8181 NODE_TLS_REJECT_UNAUTHORIZED=0 node ./dist/bin/hsink-playgroundyarn build && yarn tsx ./scripts/ink-playground.tslintecho 'Linting is disabled for Blazar'lint:localeslint . && prettier --list-different './**/*.{ts,tsx,js,json}'list-all-commandsyarn tsx ./scripts/get-all-commands.tslocal-linkhubspot-linkingmcp-localyarn tsx ./scripts/mcp-local.tsprettier:writeprettier --write './**/*.{ts,js,json,tsx}'releaseyarn tsx ./scripts/release.ts releasesync-to-publicyarn tsx ./scripts/sync-to-public.ts repo-synctestvitest run --coveragetest-cliyarn build && yarn --cwd 'acceptance-tests' test-citest-cli-debugyarn build && yarn --cwd 'acceptance-tests' test-debugtest-cli-latestyarn build && yarn build-docker && docker container run -it --rm --name=hs-cli-container hs-cli-image yarn --cwd 'acceptance-tests' test-latesttest-cli-qayarn build && yarn --cwd 'acceptance-tests' test-qatest-cli-qa-debugyarn build && yarn --cwd 'acceptance-tests' test-qa-debugtest-devvitestupdate-ldlyarn add --exact @hubspot/local-dev-lib@latestview-unreleased-changesnode ./scripts/unreleasedChanges.js
Dependencies30
@hubspot/local-dev-lib5.7.1@hubspot/project-parsing-lib0.16.0@hubspot/serverless-dev-runtime7.0.7@hubspot/ui-extensions-dev-server2.0.7@inquirer/prompts7.1.0@modelcontextprotocol/sdk1.29.0archiver7.0.1chalk5.4.1chokidar3.6.0cli-cursor3.1.0cli-progress3.12.0express4.22.1findup-sync4.0.0fs-extra8.1.0ink6.6.0ink-spinner5.0.0ink-text-input6.0.0js-yaml4.1.1minimatch10.2.5moment2.30.1open7.4.2p-queue8.1.0react19.2.3strip-ansi7.1.0table6.9.0tmp0.2.4update-notifier7.3.1ws8.20.0yargs17.7.2yargs-parser21.1.1