PkgRadar

Package evidence

@magmacomputing/[email protected]

no findings

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads
281
Versions published
38
First published
Mar 2026
Publisher
magmacomputing

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@magmacomputing/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@magmacomputing/[email protected]"],"fail_on":"review"}'
Publishermagmacomputing
Artifact bytes308,285
Previous version3.0.2
Published2026-06-12T07:06:02.415Z
SHA-256217e56b3411bef9b83750cf79f284f43069f01e76e91426326803772711be2a7

Why flagged

What the scanner saw

No high-signal static finding in the saved report.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low
Last checked
lowRisk
0Score
3.0.3Version
Status history (1 event)
  1. newavailable · risk low · score 0 · status changed

Evidence

Static findings

No findings stored for this release.

Manifest

Package metadata

Scripts24
  • buildnpm run clean && tsc -b && npm run build:bundle && npm run build:resolve
  • build:bundlerollup -c
  • build:resolvetsx bin/resolve-types.ts
  • build:versionnode bin/update-version.mjs
  • cleanrm -rf dist && (tsc -b --clean || true)
  • docs:apitypedoc
  • docs:buildnpm run build && npm run docs:api && vitepress build
  • docs:devnpm run build && npm run docs:api && vitepress dev
  • docs:previewvitepress preview
  • docs:pushbash ./bin/push-docs.sh
  • parsecross-env TEMPO_LITE=true tsx --tsconfig ./src/tsconfig.repl.json -i --harmony-temporal --import ./bin/parse.ts
  • prebuildnpm run build:version
  • prepublishOnlyif [ $(git rev-parse --abbrev-ref HEAD) != main ]; then echo 'ERROR: Must be on main branch to publish.'; exit 1; fi && if [ -z "$TEMPO_LICENSE_PATH" ] || [ ! -f "$TEMPO_LICENSE_PATH" ]; then echo '🚨 ERROR: TEMPO_LICENSE_PATH is missing or invalid. Cannot publish Premium build.'; exit 1; fi && npm run build
  • publishnpm publish --access public
  • repltsx --tsconfig ./src/tsconfig.repl.json -i --import ./bin/temporal-polyfill.ts --import ./bin/repl.ts
  • repl:baretsx --tsconfig ./src/tsconfig.repl.json -i --harmony-temporal
  • repl:corecross-env TEMPO_LITE=true tsx --tsconfig ./src/tsconfig.repl.json -i --harmony-temporal --import ./bin/core.ts
  • repl:disttsx -i --import ./bin/temporal-polyfill.ts --import ./bin/repl.ts
  • repl:nodetsx --tsconfig ./src/tsconfig.repl.json -i --harmony-temporal --import ./bin/repl.ts
  • testcross-env TEMPO_LICENSE_KEY="" vitest run
  • test:browservitest run -c vitest.browser.config.ts
  • test:cicross-env TEMPO_LICENSE_KEY="" TZ=America/New_York LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 vitest run
  • test:ci:prefiltercross-env TEMPO_LICENSE_KEY="" TZ=America/New_York LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 TEMPO_PREFILTER_CI=true vitest run
  • test:distcross-env TEMPO_LICENSE_KEY="" TEST_DIST=true vitest run
Dependencies1
  • tslib^2.8.1