Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Weekly downloads
- 396
- Versions published
- 92Mature · −50% score
- First published
- Jan 2025
- Publisher
- mavogel
Effective trust discount applied: −50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.
Recommended action
Review before promotingMixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["@mavogel/[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["@mavogel/[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
Credential file access: matched ".aws/"
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk review · score 2 · status changed
Evidence
Static findings
13 static · 0 from release diff · showing high-signal first.
No high-signal findings — see all findings below.
Show all 13 findings (low-signal and informational)
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| low | Credential file access | package/lib/installer/installer.js | matched ".aws/" | 5 |
| low | Large Javascript Payload | package/integ-tests/integ.al2023.ts.snapshot/asset.530055f7515b3f0a47900f5df37e729ba40ca977b2d07b952bdefa2b8f883f42.bundle/index.js | 2071244 bytes | 0 |
| low | Obfuscation Density | package/integ-tests/integ.al2023.ts.snapshot/asset.efac30c7091c58fed492058fa6403c14f7e58aab8cf4fd595d838b8d5eeec2b9/index.js | high encoded/escaped-token density | 0 |
| low | Large Javascript Payload | package/integ-tests/integ.custom-domain.ts.snapshot/asset.530055f7515b3f0a47900f5df37e729ba40ca977b2d07b952bdefa2b8f883f42.bundle/index.js | 2071244 bytes | 0 |
| low | Obfuscation Density | package/integ-tests/integ.custom-domain.ts.snapshot/asset.efac30c7091c58fed492058fa6403c14f7e58aab8cf4fd595d838b8d5eeec2b9/index.js | high encoded/escaped-token density | 0 |
| low | Large Javascript Payload | package/integ-tests/integ.stop-on-idle.ts.snapshot/asset.530055f7515b3f0a47900f5df37e729ba40ca977b2d07b952bdefa2b8f883f42.bundle/index.js | 2071244 bytes | 0 |
| low | Obfuscation Density | package/integ-tests/integ.stop-on-idle.ts.snapshot/asset.efac30c7091c58fed492058fa6403c14f7e58aab8cf4fd595d838b8d5eeec2b9/index.js | high encoded/escaped-token density | 0 |
| low | Large Javascript Payload | package/integ-tests/integ.ubuntu.ts.snapshot/asset.530055f7515b3f0a47900f5df37e729ba40ca977b2d07b952bdefa2b8f883f42.bundle/index.js | 2071244 bytes | 0 |
| low | Obfuscation Density | package/integ-tests/integ.ubuntu.ts.snapshot/asset.efac30c7091c58fed492058fa6403c14f7e58aab8cf4fd595d838b8d5eeec2b9/index.js | high encoded/escaped-token density | 0 |
| low | Large Javascript Payload | package/integ-tests/integ.ubuntu24.ts.snapshot/asset.530055f7515b3f0a47900f5df37e729ba40ca977b2d07b952bdefa2b8f883f42.bundle/index.js | 2071244 bytes | 0 |
| low | Obfuscation Density | package/integ-tests/integ.ubuntu24.ts.snapshot/asset.efac30c7091c58fed492058fa6403c14f7e58aab8cf4fd595d838b8d5eeec2b9/index.js | high encoded/escaped-token density | 0 |
| low | Large Javascript Payload | package/integ-tests/integ.ubuntu25.ts.snapshot/asset.530055f7515b3f0a47900f5df37e729ba40ca977b2d07b952bdefa2b8f883f42.bundle/index.js | 2071244 bytes | 0 |
| low | Obfuscation Density | package/integ-tests/integ.ubuntu25.ts.snapshot/asset.efac30c7091c58fed492058fa6403c14f7e58aab8cf4fd595d838b8d5eeec2b9/index.js | high encoded/escaped-token density | 0 |
Manifest
Package metadata
Scripts35
awslintawslintbuildprojen buildbumpprojen bumpbundleprojen bundlebundle:idle-monitor-enabler/idle-monitor-enabler.lambdaprojen bundle:idle-monitor-enabler/idle-monitor-enabler.lambdabundle:idle-monitor-enabler/idle-monitor-enabler.lambda:watchprojen bundle:idle-monitor-enabler/idle-monitor-enabler.lambda:watchbundle:idle-monitor/idle-monitor.lambdaprojen bundle:idle-monitor/idle-monitor.lambdabundle:idle-monitor/idle-monitor.lambda:watchprojen bundle:idle-monitor/idle-monitor.lambda:watchbundle:installer/installer.lambdaprojen bundle:installer/installer.lambdabundle:installer/installer.lambda:watchprojen bundle:installer/installer.lambda:watchbundle:secret-retriever/secret-retriever.lambdaprojen bundle:secret-retriever/secret-retriever.lambdabundle:secret-retriever/secret-retriever.lambda:watchprojen bundle:secret-retriever/secret-retriever.lambda:watchclobberprojen clobbercompatprojen compatcompileprojen compiledefaultprojen defaultdocgenprojen docgenejectprojen ejecteslintprojen eslintinteg-testinteg-runner --directory ./integ-tests --parallel-regions eu-west-1 --parallel-regions eu-west-2 --parallel-regions eu-north-1 --parallel-regions eu-west-3 --update-on-failedpackageprojen packagepackage-allprojen package-allpackage:jsprojen package:jspackage:pythonprojen package:pythonpost-compileprojen post-compilepost-upgradeprojen post-upgradepre-compileprojen pre-compilepreparehuskyprojenprojenreleaseprojen release- …and 5 more.
Dependencies4
@mavogel/mvc-projen^0.0.25cdk-nag^2.37.55constructs^10.4.2node-html-parser^7.1.0