Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Weekly downloads
- 14,287Mainstream · −50% score
- Versions published
- 193Mature · −50% score
- First published
- Jul 2023
- Publisher
- neoxr
Effective trust discount applied: −50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.
Recommended action
Looks clean — keep monitoringNo high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["@neoxr/[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["@neoxr/[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
Obfuscation Density: high encoded/escaped-token density
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk low · score 0 · status changed
Evidence
Static findings
35 static · 0 from release diff · showing high-signal first.
No high-signal findings — see all findings below.
Show all 35 findings (low-signal and informational)
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| low | Obfuscation Density | package/lib/listener/chats-update.js | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/lib/listener/contacts-update.js | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/lib/listener/contacts-upsert.js | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/lib/utils/converter.js | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/lib/utils/cooldown.js | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/lib/listener/group-join-request.js | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/lib/listener/groups-update.js | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/lib/adapter/index.js | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/lib/types/index.js | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/lib/core/instance.js | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/lib/utils/jid-helper.js | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/lib/memory/localy-store.js | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/lib/listener/message-reaction.js | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/lib/listener/message-receipt-update.js | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/lib/listener/messages-update.js | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/lib/listener/messages-upsert-self.js | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/lib/listener/messages-upsert.js | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/lib/core/node.js | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/lib/proxy/proxy-json.js | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/lib/proxy/proxy-mongo.js | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/lib/proxy/proxy-mysql.js | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/lib/proxy/proxy-postgresql.js | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/lib/proxy/proxy-redis.js | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/lib/utils/queue.js | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/lib/database/save-to-mysql.js | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/lib/database/save-to-postgresql.js | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/lib/database/save-to-redis.js | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/lib/database/save-to-sqlite.js | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/lib/utils/scraper.js | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/lib/utils/spam.js | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/lib/memory/temporary-store.js | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/lib/adapter/use-auth-mongo.js | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/lib/adapter/use-auth-postgresql.js | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/lib/adapter/use-auth-redis.js | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/lib/adapter/use-auth-sqlite.js | high encoded/escaped-token density | 0 |
Manifest
Package metadata
Dependencies29
@cacheable/node-cache~3.0.1@neoxr/api^1.5.3@neoxr/helperlatestawesome-phonenumber~2.59.0bytes^3.1.2chalk4.1.0chokidar~4.0.3colors~1.4.0crypto-digest-sync^1.0.0date-fns^4.1.0dotenv^16.0.1file-type~16.5.2flatted^3.3.3fluent-ffmpeg~2.1.3form-data~4.0.0jimp^1.6.0lodash^4.17.21mime-types~2.1.32mongodb~4.9.0morgan^1.10.0node-cron~3.0.0node-id3^0.2.7node-webpmux^3.1.0path~0.12.7pino^9.6qrcode-terminal^0.12.0rootpath^0.1.2sharp0.34.5syntax-error~1.4.0