Package evidence
@katanaperps/[email protected]
Install-time lifecycle script: postinstall="git config --local core.hooksPath .githooks || echo 'Not a git repository, did not set up git hooks'"
Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Weekly downloads
- 510
- Versions published
- 62
- First published
- Jan 2026
- Publisher
- GitHub ActionsTrusted automation · −70% score
Effective trust discount applied: −70% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.
Recommended action
Review before promotingMixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["@katanaperps/[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["@katanaperps/[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
Install-time lifecycle script: postinstall="git config --local core.hooksPath .githooks || echo 'Not a git repository, did not set up git hooks'"
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk review · score 1 · status changed
Evidence
Static findings
1 static · 0 from release diff · showing high-signal first.
No high-signal findings — see all findings below.
Show all 1 findings (low-signal and informational)
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| low | Install-time lifecycle script | package.json | postinstall="git config --local core.hooksPath .githooks || echo 'Not a git repository, did not set up git hooks'" | 5 |
Manifest
Package metadata
Scripts23
buildnpm-run-all clean build:tsc build:abisbuild:abiscp -rf abis dist/abis/build:tscyarn exec tscbuild:typechaintypechain --target ethers-v6 --out-dir src/typechain-types 'abis/*.json'cleanrimraf distclean:docsrimraf docslinteslint --cache 'src/**/*.ts'lint:fixeslint --cache 'src/**/*.ts' --fixlint:fix:stagedlint-stagedlint:fix:staged-and-modifiedeslint --cache --fix $(git diff --name-only HEAD | grep -E '\.(ts|tsx)$' | xargs) && yarn lint:prettier:staged-and-modifiedlint:prettier:staged-and-modifiedprettier --write $(git diff --name-only HEAD | grep -E '\.(ts|tsx)$' | xargs)lint:typesyarn exec tsc --noEmiton:commitnpm-run-all build test --parallel lint:fix:staged lint:types --orderbook:demoyarn node dist/orderbook/demo.jspostinstallgit config --local core.hooksPath .githooks || echo 'Not a git repository, did not set up git hooks'prettier:fixyarn exec prettier --cache --write 'src/**/*.ts'prettier:fix:stagedyarn exec pretty-quick --stagedstart:pathyarn exec tsx --tsconfig tsconfig.tsx.json --start:path:watchyarn exec tsx watch --tsconfig tsconfig.tsx.json --clear-screen=false --testmocha --unhandled-rejections=strict 'dist/tests/**/*.test.js'typedoc:buildnpm-run-all --sequential clean:docs typedoc:build:run typedoc:build:assetstypedoc:build:assetscp assets/katana-perps-logo.png docs/assets/ && cp assets/CNAME docs/typedoc:build:runyarn exec typedoc
Dependencies8
@layerzerolabs/lz-v2-utilities^3.0.83axios1.6.8bignumber.js^9.1.2ethers6.13.5isomorphic-ws^5.0.0tslib^2.7.0uuid^9.0.1ws8.17.0
Optional dependencies1
bufferutil^4.0.8