Package evidence

@kynesyslabs/[email protected]

Install Lifecycle Suppresses Failure: postinstall="cp .github/hooks/pre-commit .git/hooks/pre-commit 2>/dev/null && chmod +x .git/hooks/pre-commit 2>/dev/null || true"

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads: 1,136Niche · −30% score
Versions published: 285Mature · −50% score
First published: Apr 2024
Publisher: kynesys

Effective trust discount applied: −50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Block this update

Static evidence trips multiple high-signal indicators. Quarantine the release until the publisher validates the change or you can rule out the indicators below.

Inspect tarball Add to CI gate

Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@kynesyslabs/[email protected]"],"fail_on":"high"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@kynesyslabs/[email protected]"],"fail_on":"high"}'

Publisherkynesys

Artifact bytes5,916,706

Previous version3.1.0

Published2026-05-12T11:33:25.736Z

SHA-256814e86011d04ad4d59bfa6bc3b8978b1a409257d23d32c457408751b69421b67

Why flagged

What the scanner saw

Install Lifecycle Suppresses Failure: postinstall="cp .github/hooks/pre-commit .git/hooks/pre-commit 2>/dev/null && chmod +x .git/hooks/pre-commit 2>/dev/null || true"

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

high

3d agoLast checked

highRisk

12Score

4.0.0Version

Status history (1 event)

new → available17d ago · risk high · score 12 · status changed

Evidence

Static findings

2 static · 0 from release diff · showing high-signal first.

Severity	Kind	Path	Detail	Points
high	Install Lifecycle Suppresses Failure	package.json	postinstall="cp .github/hooks/pre-commit .git/hooks/pre-commit 2>/dev/null && chmod +x .git/hooks/pre-commit 2>/dev/null \|\| true"	20

Show all 2 findings (low-signal and informational)

Severity	Kind	Path	Detail	Points
high	Install Lifecycle Suppresses Failure	package.json	postinstall="cp .github/hooks/pre-commit .git/hooks/pre-commit 2>/dev/null && chmod +x .git/hooks/pre-commit 2>/dev/null \|\| true"	20
low	Install-time lifecycle script	package.json	postinstall="cp .github/hooks/pre-commit .git/hooks/pre-commit 2>/dev/null && chmod +x .git/hooks/pre-commit 2>/dev/null \|\| true"	5

Manifest

Package metadata

Scripts29

buildrm -rf build && tsc --skipLibCheck && resolve-tspaths && mv build/src/* build/ && rm -rf build/src && npm run build:copy-wasm
build:copy-wasmmkdir -p build/tlsnotary/wasm && cp node_modules/tlsn-js/build/*.wasm build/tlsnotary/wasm/ && cp node_modules/tlsn-js/build/*.js build/tlsnotary/wasm/ && cp -r node_modules/tlsn-js/build/snippets build/tlsnotary/wasm/
postinstallcp .github/hooks/pre-commit .git/hooks/pre-commit 2>/dev/null && chmod +x .git/hooks/pre-commit 2>/dev/null || true
setup:hooksbun run setup:pre-push && bun run setup:pre-commit
setup:pre-commitcp .github/hooks/pre-commit .git/hooks/pre-commit && chmod +x .git/hooks/pre-commit && echo "Pre-commit hook installed"
setup:pre-pushcp .github/hooks/pre-push .git/hooks/pre-push && chmod +x .git/hooks/pre-push && echo "Pre-push hook installed"
testjest
test:aptosnode --require ts-node/register --require tsconfig-paths/register --test src/tests/multichain/aptos.node.spec.ts
test:aptos:onlynode --require ts-node/register --require tsconfig-paths/register --test --test-only src/tests/multichain/aptos.node.spec.ts
test:btcrm -rf build && jest --testMatch '**/tests/multichain**/bitcoin*.ts' --testPathIgnorePatterns **/tests/**/chainProvider* **/tests/utils/* **/tests/**/template* --verbose
test:canonicaljest --testPathPattern=utils.test.ts --verbose
test:demosrm -rf build && jest --testMatch '**/newdemos.spec.ts' --testPathIgnorePatterns **/tests/**/chainProvider* **/tests/utils/* **/tests/**/template* --verbose
test:demosworkrm -rf build && jest --testMatch '**/tests/**/demoswork*.ts' --testPathIgnorePatterns **/tests/**/chainProvider* **/tests/utils/* **/tests/**/template* --verbose
test:evmrm -rf build && jest --testMatch '**/tests/**/evm.spec*.ts' --testPathIgnorePatterns **/tests/**/chainProvider* **/tests/utils/* **/tests/**/template* --verbose
test:identitiesrm -rf build && jest --testMatch '**/tests/**/identities.spec*.ts' --testPathIgnorePatterns **/tests/**/chainProvider* **/tests/utils/* **/tests/**/template* --verbose
test:identities:pqcrm -rf build && jest --testMatch '**/tests/**/identities.pqc.spec*.ts' --testPathIgnorePatterns **/tests/**/chainProvider* **/tests/utils/* **/tests/**/template* --verbose
test:identities:udrm -rf build && jest --testMatch '**/tests/**/identities.ud.spec*.ts' --testPathIgnorePatterns **/tests/**/chainProvider* **/tests/utils/* **/tests/**/template* --verbose --setupFiles dotenv/config
test:identities:web2rm -rf build && jest --testMatch '**/tests/**/identities.web2*.ts' --testPathIgnorePatterns **/tests/**/chainProvider* **/tests/utils/* **/tests/**/template* --verbose --setupFiles dotenv/config
test:multichainrm -rf build && jest --testMatch '**/tests/**/evm.spec*.ts' --testPathIgnorePatterns **/tests/**/chainProvider* **/tests/utils/* **/tests/**/template* --verbose
test:nativerm -rf build && jest --testMatch '**/tests/native*.ts' --testPathIgnorePatterns **/tests/**/chainProvider* **/tests/utils/* **/tests/**/template* --verbose
test:pcqyarn test:pqc
test:pqcrm -rf build && jest --testMatch '**/tests/encryption/pqc*.ts' --verbose
test:referralsrm -rf build && jest --testMatch '**/tests/**/referrals.spec*.ts' --testPathIgnorePatterns **/tests/**/chainProvider* **/tests/utils/* **/tests/**/template* --verbose
test:rubic-servicerm -rf build && jest --testMatch '**/tests/**/rubic*.ts' --testPathIgnorePatterns **/tests/**/chainProvider* **/tests/utils/* **/tests/**/template* --verbose
test:solanarm -rf build && jest --testMatch '**/tests/multichain**/solana.spec*.ts' --testPathIgnorePatterns **/tests/**/chainProvider* **/tests/utils/* **/tests/**/template* --verbose
test:storageprogramsrm -rf build && jest --testMatch '**/tests/storagePrograms*.ts' --testPathIgnorePatterns **/tests/**/chainProvider* **/tests/utils/* **/tests/**/template* --verbose
test:txrm -rf build && jest --testMatch '**/tests/multichain**/fulltx*.ts' --testPathIgnorePatterns **/tests/**/chainProvider* **/tests/utils/* **/tests/**/template* --verbose
test:web2rm -rf build && jest --testMatch '**/tests/web2*.ts' --testPathIgnorePatterns **/tests/**/chainProvider* **/tests/utils/* **/tests/**/template* --verbose
typedoctypedoc

Dependencies65

@aptos-labs/ts-sdk^1.39.0
@bitcoinerlab/secp256k1^1.2.0
@coral-xyz/anchor^0.32.1
@cosmjs/proto-signing^0.32.4
@cosmjs/stargate^0.32.4
@cryptkeeperzk/snarkjs^0.7.2
@kynesyslabs/demosdk^2.8.22
@metaplex-foundation/js^0.20.1
@multiversx/sdk-core^13.17.2
@multiversx/sdk-extension-provider^3.0.0
@multiversx/sdk-network-providers^2.9.3
@multiversx/sdk-wallet^4.6.0
@noble/curves1.9.4
@noble/hashes1.8.0
@noble/post-quantum^0.4.1
@project-serum/anchor^0.26.0
@roamhq/wrtc^0.8.0
@scure/bip39^2.0.1
@simplewebauthn/browser^11.0.0
@simplewebauthn/server^11.0.0
@solana/buffer-layout^4.0.1
@solana/web3.js1.98.0
@ton/core^0.62.0
@ton/crypto^3.3.0
@ton/ton^16.0.0
@types/simple-peer^9.11.8
axios^1.11.0
big-integer^1.6.52
bignumber.js^9.3.1
bip32^5.0.0-rc.0
…and 35 more.