Package evidence

@mat3ra/[email protected]

no findings

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Versions published: 63Mature · −50% score
First published: Dec 2023
Publisher: exabyte-io

Effective trust discount applied: −50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarball Add to CI gate

Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@mat3ra/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@mat3ra/[email protected]"],"fail_on":"review"}'

Publisherexabyte-io

Artifact bytes533,409

Previous version2026.6.5-0

Published2026-06-09T17:38:26.826Z

SHA-256fb2c41c1697ccbbdd72376a478ff4fbf98867877c3eae130a6796c4256f9f250

Why flagged

What the scanner saw

No high-signal static finding in the saved report.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low

3d agoLast checked

lowRisk

0Score

2026.6.9-0Version

Status history (1 event)

new → available3d ago · risk low · score 0 · status changed

Evidence

Static findings

No findings stored for this release.

Manifest

Package metadata

Scripts23

buildnpm run clean && npm run transpile && npm run build:symlink && npm run build:models-related && npm run build:models && npm run build:methods && npm run build:applications && npm run build:properties && npm run build:workflows && npm run build:materials && npm run build:ui
build:applicationsts-node --transpile-only scripts/applications/build_applications.ts && ts-node --transpile-only scripts/applications/build_executable_flavor_map_by_application.ts
build:categoriests-node src/js/cli.ts
build:materialsts-node --transpile-only scripts/materials/build_materials.ts
build:methodsts-node --transpile-only scripts/methods/build_methods.ts
build:model-method-mapts-node --transpile-only scripts/models/build_model_method_map.ts
build:model-treets-node scripts/models/build_model_tree.ts
build:modelsts-node --transpile-only scripts/models/build_models.ts
build:models-relatednpm run build:model-method-map && npm run build:model-tree && npm run build:models-tree-config-by-application
build:models-tree-config-by-applicationts-node scripts/models/build_models_tree_config_by_application.ts
build:propertiests-node --transpile-only scripts/properties/build_properties.ts
build:symlinktest -L src/js/runtime_data || ln -s ../../dist/js/runtime_data src/js/runtime_data
build:uits-node ui/scripts/build_ui_trees.ts
build:workflowsts-node --transpile-only scripts/workflows/build_workflows.ts
check:json-minifiedts-node scripts/check_json_minified.ts
cleanrm -rf build/standata
create:materialspython scripts/materials/create_materials.py
linteslint --cache src/js tests/js && prettier --write src/js tests/js
lint:fixeslint --fix --cache src/js tests/js && prettier --write src/js tests/js
lint:stagedlint-staged
prettierprettier --check src/js tests/js
testmocha
transpiletsc && cp -r build/standata/* ./dist/js/runtime_data/ || true

Dependencies10

@types/nunjucks^3.2.6
@types/sprintf-js^1.1.4
cmd-ts^0.15.0
compare-versions^6.1.1
js-yaml^4.1.1
lodash^4.18.1
nunjucks^3.2.4
sprintf-js^1.1.3
ts-node^10.9.2
typescript^5.9.3