Package evidence
@mainsail/[email protected]
Credential File Packaged: package/bin/config/devnet/core/.env
Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Weekly downloads
- 108
- Versions published
- 77Mature · −50% score
- First published
- Jan 2024
- Publisher
- itsanametwo
Effective trust discount applied: −50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.
Recommended action
Block this updateStatic evidence trips multiple high-signal indicators. Quarantine the release until the publisher validates the change or you can rule out the indicators below.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["@mainsail/[email protected]"],"fail_on":"high"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["@mainsail/[email protected]"],"fail_on":"high"}'Why flagged
What the scanner saw
Credential File Packaged: package/bin/config/devnet/core/.env
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk high · score 17 · status changed
Evidence
Static findings
1 static · 0 from release diff · showing high-signal first.
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| high | Credential File Packaged | package/bin/config/devnet/core/.env | package/bin/config/devnet/core/.env | 35 |
Manifest
Package metadata
Scripts12
buildtsc -bbuild:watchpnpm run clean && tsc -wfull:devnetcross-env-shell MAINSAIL_PATH_CONFIG=./bin/config/devnet pnpm run mainsail core:run -- --env=testfull:devnet:debugcross-env-shell MAINSAIL_PATH_CONFIG=./bin/config/devnet pnpm run mainsail:debug core:run -- --env=testmainsailnode ./bin/run.jsmainsail:debugnode --inspect-brk ./bin/run.jsreleasepnpm publish --access publictestpnpm run uvu source .test.tstest:coveragec8 -r=text -r=lcov --all pnpm run testtest:coverage:htmlc8 -r html --all pnpm run testtest:filepnpm run uvu sourceuvutsx --tsconfig ../../tsconfig.test.json ./node_modules/uvu/bin.js
Dependencies63
@chainsafe/bls-keystore3.1.0@mainsail/api-common0.0.1-evm.50@mainsail/api-database0.0.1-evm.50@mainsail/api-development0.0.1-evm.50@mainsail/api-evm0.0.1-evm.50@mainsail/api-http0.0.1-evm.50@mainsail/api-sync0.0.1-evm.50@mainsail/api-transaction-pool0.0.1-evm.50@mainsail/blockchain-utils0.0.1-evm.50@mainsail/bootstrap0.0.1-evm.50@mainsail/cli0.0.1-evm.50@mainsail/configuration-generator0.0.1-evm.50@mainsail/consensus0.0.1-evm.50@mainsail/consensus-storage0.0.1-evm.50@mainsail/constants0.0.1-evm.50@mainsail/container0.0.1-evm.50@mainsail/crypto-address-base580.0.1-evm.50@mainsail/crypto-address-keccak2560.0.1-evm.50@mainsail/crypto-block0.0.1-evm.50@mainsail/crypto-commit0.0.1-evm.50@mainsail/crypto-config0.0.1-evm.50@mainsail/crypto-hash-bcrypto0.0.1-evm.50@mainsail/crypto-key-pair-bls12-3810.0.1-evm.50@mainsail/crypto-messages0.0.1-evm.50@mainsail/crypto-proposal0.0.1-evm.50@mainsail/crypto-signature-bls12-3810.0.1-evm.50@mainsail/crypto-transaction0.0.1-evm.50@mainsail/crypto-validation0.0.1-evm.50@mainsail/crypto-wif0.0.1-evm.50@mainsail/crypto-worker0.0.1-evm.50- …and 33 more.