PkgRadar

Package evidence

@reclaimprotocol/[email protected]

Remote Dependency Spec: dependencies.@reclaimprotocol/tls="github:reclaimprotocol/tls"

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads
2,277Niche · −30% score
Versions published
45Mature · −50% score
First published
Sep 2024
Publisher
adiwajshing_reclaim

Effective trust discount applied: 50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Review before promoting

Mixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@reclaimprotocol/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@reclaimprotocol/[email protected]"],"fail_on":"review"}'
Publisheradiwajshing_reclaim
Artifact bytes722,033
Previous version5.0.5
Published2026-06-03T13:56:10.499Z
SHA-2568fb3ca46c4425d508f6a31d7d10035f7360af354b85b9d784fe02a050cca0a56

Why flagged

What the scanner saw

Remote Dependency Spec: dependencies.@reclaimprotocol/tls="github:reclaimprotocol/tls"

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

review
Last checked
reviewRisk
10Score
5.0.6Version
Status history (1 event)
  1. newavailable · risk review · score 10 · status changed

Evidence

Static findings

2 static · 0 from release diff · showing high-signal first.

SeverityKindPathDetailPoints
mediumRemote Dependency Specpackage.jsondependencies.@reclaimprotocol/tls="github:reclaimprotocol/tls"12
mediumRemote Dependency Specpackage.jsondevDependencies.@adiwajshing/eslint-config="github:adiwajshing/eslint-config"8

Manifest

Package metadata

Scripts28
  • buildtsc -p tsconfig.build.json && tsc-alias && npm run run:tsc -- src/scripts/build-lib.ts
  • build-contractscd avs/contracts && forge build
  • build:browsersh ./src/scripts/build-browser.sh
  • check:avs-registrationnpm run run:tsc -- src/scripts/check-avs-registration.ts
  • commitlintcommitlint --edit
  • create:claimnpm run run:tsc -- src/scripts/generate-receipt.ts
  • deploy:contractssh avs/utils/anvil/deploy-all-to-anvil-and-save-state.sh
  • deploy:contracts-to-chainsh avs/utils/anvil/deploy-to-chain.sh
  • download:zk-filesnode node_modules/@reclaimprotocol/zk-symmetric-crypto/lib/scripts/download-files
  • generate:avstypechain --target ethers-v6 --out-dir src/avs/contracts avs/contracts/out/ReclaimServiceManager.sol/*.json
  • generate:contracts-datash ./src/scripts/contract-data-gen.sh
  • generate:protosh ./src/scripts/generate-proto.sh
  • generate:provider-typesnpm run run:tsc -- src/scripts/generate-provider-types.ts
  • generate:toprf-keysnpm run run:tsc -- src/scripts/generate-toprf-keys.ts
  • linteslint .
  • lint:fixeslint . --fix
  • preparenpm run build
  • publish:pkgnpm publish --access public
  • register:avs-operatornpm run run:tsc -- src/scripts/register-avs-operator.ts
  • run:test-filesNODE_ENV=test TZ=utc npm run run:tsc -- --import=#src/tests/mocks.ts --experimental-test-module-mocks --test-force-exit
  • run:tscnode --experimental-strip-types
  • startnpm run run:tsc -- src/scripts/start-server.ts
  • start:chainbash ./avs/utils/anvil/start-anvil-chain-with-el-and-avs-deployed.sh
  • testnpm run run:test-files -- --test src/tests/*.test.ts
  • test:avsNODE_ENV=test TZ=utc jest --verbose --forceExit --detectOpenHandles --test-match **/src/avs/tests/test.*.ts
  • update:avs-metadatanpm run run:tsc -- src/scripts/update-avs-metadata.ts
  • verify:root-canpm run run:tsc -- src/scripts/verify-root-ca.ts
  • whitelist:operatornpm run run:tsc -- src/scripts/whitelist-operator.ts
Dependencies29
  • @bufbuild/protobuf^2.11.0
  • @peculiar/asn1-x509^2.6.1
  • @peculiar/webcrypto^1.5.0
  • @peculiar/x509^1.14.3
  • @reclaimprotocol/tlsgithub:reclaimprotocol/tls
  • @reclaimprotocol/zk-symmetric-crypto^5.1.3
  • ajv^8.18.0
  • bs58^6.0.0
  • canonicalize^2.1.0
  • cbor-x^1.6.4
  • cose-js^0.9.0
  • dotenv^16.6.1
  • elastic-apm-node^4.15.0
  • esprima-next^5.8.4
  • ethers^6.16.0
  • https-proxy-agent^7.0.6
  • ip-address^10.2.0
  • ip-cidr^3.1.0
  • jsonpath-plus^10.4.0
  • koffi^2.15.2
  • p-queue^8.1.1
  • parse5^8.0.0
  • parse5-htmlparser2-tree-adapter^8.0.0
  • pino^9.14.0
  • re2^1.24.0
  • serve-static^1.16.3
  • snarkjs^0.7.6
  • ws^8.20.0
  • xpath^0.0.34