PkgRadar

Package evidence

@neelegirly/[email protected]

Remote Dependency Spec: devDependencies.@adiwajshing/eslint-config="github:adiwajshing/eslint-config"

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads
50
Versions published
11
First published
Apr 2026
Publisher
neelegirly

Recommended action

Review before promoting

Mixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@neelegirly/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@neelegirly/[email protected]"],"fail_on":"review"}'
Publisherneelegirly
Artifact bytes1,121,073
Previous version2.2.22
Published2026-05-07T10:16:59.212Z
SHA-256deca2f8efe4bd36295ead4c4cbd2be400ea2c5c65e302a4dc469704f254d18e4

Why flagged

What the scanner saw

Remote Dependency Spec: devDependencies.@adiwajshing/eslint-config="github:adiwajshing/eslint-config"

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

review
Last checked
reviewRisk
8Score
2.2.23Version
Status history (1 event)
  1. newavailable · risk review · score 8 · status changed

Evidence

Static findings

2 static · 0 from release diff · showing high-signal first.

SeverityKindPathDetailPoints
mediumRemote Dependency Specpackage.jsondevDependencies.@adiwajshing/eslint-config="github:adiwajshing/eslint-config"8
Show all 2 findings (low-signal and informational)
SeverityKindPathDetailPoints
mediumRemote Dependency Specpackage.jsondevDependencies.@adiwajshing/eslint-config="github:adiwajshing/eslint-config"8
lowLarge Javascript Payloadpackage/WAProto/index.js8940234 bytes0

Manifest

Package metadata

Scripts4
  • build:alltsc && typedoc
  • build:docstypedoc
  • build:tsctsc
  • testnode --check lib/Socket/groups.js && node --check lib/Socket/messages-recv.js && node --check lib/Socket/messages-send.js && node --check lib/Socket/socket.js && node --check lib/Utils/auth-utils.js && node --check lib/Utils/decode-wa-message.js && node --check lib/Utils/process-message.js && node --check lib/Utils/link-preview.js && node -e "const b=require('./'); if(typeof b.makeWASocket !== 'function' || b.NACK_REASONS.SenderReachoutTimelocked !== 463 || b.QueryIds.FOLLOW !== '24404358912487870') process.exit(1)"
Dependencies16
  • @adiwajshing/keyed-db^0.2.4
  • @cacheable/node-cache^1.5.4
  • @hapi/boom^9.1.3
  • @neelegirly/libsignal1.0.31
  • async-mutex^0.5.0
  • audio-decode^2.1.3
  • axios^1.3.3
  • cache-manager4.0.1
  • futoin-hkdf^1.5.1
  • libphonenumber-js^1.10.20
  • music-metadata^7.12.3
  • node-cache^5.1.2
  • pino^7.0.0
  • protobufjs^7.2.4
  • uuid^9.0.0
  • ws^8.13.0