PkgRadar

Package evidence

@nextclaw/[email protected]

no findings

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Versions published
212
First published
Feb 2026
Publisher
peiiii

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@nextclaw/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@nextclaw/[email protected]"],"fail_on":"review"}'
Publisherpeiiii
Artifact bytes1,237,467
Previous version0.14.1-beta.1
Published2026-06-17T17:16:08.152Z
SHA-256b84100a374feb1e64cb44cc2285b3ed091679aaa2a759d43512519bd18c51d40

Why flagged

What the scanner saw

No high-signal static finding in the saved report.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low
Last checked
lowRisk
0Score
0.14.1Version
Status history (1 event)
  1. newavailable · risk low · score 0 · status changed

Evidence

Static findings

No findings stored for this release.

Manifest

Package metadata

Scripts6
  • buildvite build
  • devvite
  • linteslint .
  • previewvite preview
  • testvitest run
  • tsctsc --noEmit
Dependencies31
  • @nextclaw/agent-chat0.2.14
  • @nextclaw/agent-chat-ui0.5.1
  • @nextclaw/client-sdk0.4.4
  • @nextclaw/ncp0.6.4
  • @nextclaw/ncp-http-agent-client0.3.46
  • @nextclaw/ncp-react0.4.54
  • @nextclaw/ncp-toolkit0.5.39
  • @nextclaw/shared0.3.1
  • @radix-ui/react-dialog^1.1.2
  • @radix-ui/react-label^2.1.0
  • @radix-ui/react-popover^1.1.15
  • @radix-ui/react-select^2.1.2
  • @radix-ui/react-slot^1.1.0
  • @radix-ui/react-switch^1.1.1
  • @radix-ui/react-tabs^1.1.1
  • @radix-ui/react-tooltip^1.1.11
  • @tanstack/react-query^5.59.20
  • class-variance-authority^0.7.1
  • clsx^2.1.1
  • lucide-react^0.462.0
  • qrcode^1.5.4
  • react^18.3.1
  • react-dom^18.3.1
  • react-hook-form^7.53.2
  • react-router-dom^7.13.0
  • rehype-sanitize^6.0.0
  • rxjs^7.8.2
  • sonner^1.7.1
  • tailwind-merge^2.5.4
  • zod^3.23.8
  • …and 1 more.