PkgRadar

Package evidence

@researchdatabox/[email protected]

Remote Dependency Spec: dependencies.agenda="github:redbox-mint-contrib/agenda#adc5537f8d728c15d2677bdebdb840cc5dcc8c3e"

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads
696
Versions published
34Mature · −50% score
First published
Aug 2021
Publisher
CircleCI

Effective trust discount applied: 50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Review before promoting

Mixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@researchdatabox/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@researchdatabox/[email protected]"],"fail_on":"review"}'
PublisherCircleCI
Artifact bytes1,169,190
Previous version0.0.1-beta.9225
Published2026-05-08T07:00:41.197Z
SHA-2562c5ce091dcde125a3914d9f229b711ca27a231328604684255bed1ab3d5d1df8

Why flagged

What the scanner saw

Remote Dependency Spec: dependencies.agenda="github:redbox-mint-contrib/agenda#adc5537f8d728c15d2677bdebdb840cc5dcc8c3e"

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

review
Last checked
reviewRisk
6Score
0.0.1-beta.9228Version
Status history (1 event)
  1. newavailable · risk review · score 6 · status changed

Evidence

Static findings

1 static · 0 from release diff · showing high-signal first.

SeverityKindPathDetailPoints
mediumRemote Dependency Specpackage.jsondependencies.agenda="github:redbox-mint-contrib/agenda#adc5537f8d728c15d2677bdebdb840cc5dcc8c3e"12

Manifest

Package metadata

Scripts7
  • buildrm -rf dist && tsc
  • formatprettier --write "src/**/*.ts" "test/**/*.ts"
  • format:checkprettier --check "src/**/*.ts" "test/**/*.ts"
  • lintcd ../.. && oxlint packages/redbox-core/src
  • lint:fixcd ../.. && oxlint packages/redbox-core/src --fix
  • testTS_NODE_PROJECT=test/tsconfig.json mocha
  • typecheck:stricttsc --noEmit -p tsconfig.strict.json
Dependencies101
  • @jsonjoy.com/json-pointer18.5.0
  • @opentelemetry/api1.9.1
  • @researchdatabox/raido-openapi-generated-node0.0.1-beta.9228
  • @researchdatabox/rva-registry-openapi-generated-node0.0.1-beta.9228
  • @researchdatabox/sails-ng-common0.0.1-beta.9228
  • @tsconfig/node2424.0.4
  • @tus/file-store2.1.0
  • @tus/s3-store2.0.3
  • @tus/server2.4.0
  • @types/bcryptjs3.0.0
  • @types/chai5.2.3
  • @types/dompurify3.2.0
  • @types/ejs3.1.5
  • @types/express5.0.6
  • @types/express-session1.19.0
  • @types/fs-extra11.0.4
  • @types/graceful-fs4.1.9
  • @types/jsdom21.1.7
  • @types/lodash4.17.24
  • @types/luxon3.7.1
  • @types/mime-types3.0.1
  • @types/mocha10.0.10
  • @types/node24.12.0
  • @types/node-schedule2.1.8
  • @types/nodemailer8.0.0
  • @types/numeral2.0.5
  • @types/passport-http-bearer1.0.42
  • @types/passport-jwt4.0.1
  • @types/passport-local1.0.38
  • @types/sinon21.0.1
  • …and 71 more.