PkgRadar

Package evidence

@ixo/[email protected]

no findings

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Versions published
65Mature · −50% score
First published
Nov 2022
Publisher
michael-ixo

Effective trust discount applied: 50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@ixo/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@ixo/[email protected]"],"fail_on":"review"}'
Publishermichael-ixo
Artifact bytes1,495,567
Previous version2.4.8
Published2026-01-29T17:23:53.554Z
SHA-25683c941375fb82fdc3a0afbd7410679f290e96fb658cc35d017b849bd8b099d2e

Why flagged

What the scanner saw

No high-signal static finding in the saved report.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low
Last checked
lowRisk
0Score
2.4.9Version
Status history (2 events)
  1. availableavailable · risk low · score 0 · status available -> available, risk high -> low, score 50 -> 0
  2. newavailable · risk high · score 50 · status changed

Evidence

Static findings

No findings stored for this release.

Manifest

Package metadata

Scripts24
  • buildnpm run build:module && npm run build:main
  • build:docstypedoc src/index.ts
  • build:localnpm pack
  • build:maincross-env BABEL_ENV=production babel src --out-dir main --delete-dir-on-start --extensions ".tsx,.ts,.js"
  • build:modulecross-env MODULE=true babel src --out-dir module --delete-dir-on-start --extensions ".tsx,.ts,.js"
  • build:preparenpm run build && npm run build:ts && npm run build:docs
  • build:tstsc --project ./tsconfig.json
  • codegencross-env NODE_ENV=development babel-node scripts/codegen.js
  • devcross-env NODE_ENV=development babel-node src/index --extensions ".tsx,.ts,.js"
  • linteslint src/**/*.ts
  • lint:fixeslint src/**/*.ts --fix
  • preparenpm run build
  • testjest __tests__/index.spec.ts --forceExit
  • test:ai4gjest __tests__/specs/ai4g --forceExit
  • test:aquaminerjest __tests__/specs/aquaminer --forceExit
  • test:debugnode --inspect node_modules/.bin/jest --runInBand
  • test:fairClimatejest __tests__/specs/fairClimate --forceExit
  • test:idccjest __tests__/specs/idcc --forceExit
  • test:protocolsjest __tests__/specs/protocols --forceExit
  • test:queriesjest __tests__/specs/query --forceExit
  • test:supamotojest __tests__/specs/supamoto --forceExit
  • test:umuzijest __tests__/specs/umuzi --forceExit
  • test:watchjest --watch
  • watchcross-env NODE_ENV=development babel-watch src/index --extensions ".tsx,.ts,.js"
Dependencies13
  • @babel/runtime7.19.4
  • @cosmjs/amino0.32.4
  • @cosmjs/cosmwasm-stargate0.32.4
  • @cosmjs/crypto0.32.4
  • @cosmjs/encoding0.32.4
  • @cosmjs/proto-signing0.32.4
  • @cosmjs/stargate0.32.4
  • @cosmjs/tendermint-rpc0.32.4
  • axios1.2.5
  • bip39-light1.0.7
  • bs585.0.0
  • dotenv16.0.3
  • protobufjs6.11.2