PkgRadar

Package evidence

@rev-net/[email protected]

Install Lifecycle Suppresses Failure: postinstall="find node_modules -name '*.sol' -type f | xargs grep -l 'pragma solidity 0.8.23;' 2>/dev/null | xargs sed -i '' 's/pragma solidity 0.8.23;/pragma solidity 0.8.26;/g' 2>/dev/null || true"

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads
5,101Niche · −30% score
Versions published
89
First published
Mar 2026
Publisher
me.jango

Effective trust discount applied: 30% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Block this update

Static evidence trips multiple high-signal indicators. Quarantine the release until the publisher validates the change or you can rule out the indicators below.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@rev-net/[email protected]"],"fail_on":"high"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@rev-net/[email protected]"],"fail_on":"high"}'
Publisherme.jango
Artifact bytes1,035,361
Previous version0.0.10
Published2026-03-13T18:39:36.018Z
SHA-2560ead05f684ac44ce7869399ce2b5bbe8d65ef88d45f442f80319b2b68ccc5ca3

Why flagged

What the scanner saw

Install Lifecycle Suppresses Failure: postinstall="find node_modules -name '*.sol' -type f | xargs grep -l 'pragma solidity 0.8.23;' 2>/dev/null | xargs sed -i '' 's/pragma solidity 0.8.23;/pragma solidity 0.8.26;/g' 2>/dev/null || true"

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

high
Last checked
highRisk
17Score
0.0.11Version
Status history (1 event)
  1. newavailable · risk high · score 17 · status changed

Evidence

Static findings

2 static · 0 from release diff · showing high-signal first.

SeverityKindPathDetailPoints
highInstall Lifecycle Suppresses Failurepackage.jsonpostinstall="find node_modules -name '*.sol' -type f | xargs grep -l 'pragma solidity 0.8.23;' 2>/dev/null | xargs sed -i '' 's/pragma solidity 0.8.23;/pragma solidity 0.8.26;/g' 2>/dev/null || true"20
Show all 2 findings (low-signal and informational)
SeverityKindPathDetailPoints
highInstall Lifecycle Suppresses Failurepackage.jsonpostinstall="find node_modules -name '*.sol' -type f | xargs grep -l 'pragma solidity 0.8.23;' 2>/dev/null | xargs sed -i '' 's/pragma solidity 0.8.23;/pragma solidity 0.8.26;/g' 2>/dev/null || true"20
lowInstall-time lifecycle scriptpackage.jsonpostinstall="find node_modules -name '*.sol' -type f | xargs grep -l 'pragma solidity 0.8.23;' 2>/dev/null | xargs sed -i '' 's/pragma solidity 0.8.23;/pragma solidity 0.8.26;/g' 2>/dev/null || true"5

Manifest

Package metadata

Scripts8
  • artifactssource ./.env && npx sphinx artifacts --org-id 'ea165b21-7cdc-4d7b-be59-ecdd4c26bee4' --project-name 'revnet-core-v6'
  • coverageforge coverage --match-path "./src/*.sol" --report lcov --report summary
  • deploy:mainnetssource ./.env && export START_TIME=$(date +%s) && npx sphinx propose ./script/Deploy.s.sol --networks mainnets
  • deploy:mainnets:1_1source ./.env && npx sphinx propose ./script/Deploy1_1.s.sol --networks mainnets
  • deploy:testnetssource ./.env && export START_TIME=$(date +%s) && npx sphinx propose ./script/Deploy.s.sol --networks testnets
  • deploy:testnets:1_1source ./.env && npx sphinx propose ./script/Deploy1_1.s.sol --networks testnets
  • postinstallfind node_modules -name '*.sol' -type f | xargs grep -l 'pragma solidity 0.8.23;' 2>/dev/null | xargs sed -i '' 's/pragma solidity 0.8.23;/pragma solidity 0.8.26;/g' 2>/dev/null || true
  • testforge test
Dependencies11
  • @bananapus/721-hook-v6^0.0.15
  • @bananapus/buyback-hook-v6^0.0.11
  • @bananapus/core-v6^0.0.15
  • @bananapus/ownable-v6^0.0.8
  • @bananapus/permission-ids-v6^0.0.7
  • @bananapus/router-terminal-v6^0.0.10
  • @bananapus/suckers-v6^0.0.9
  • @croptop/core-v6^0.0.14
  • @openzeppelin/contracts^5.6.1
  • @uniswap/v4-core^1.0.2
  • @uniswap/v4-periphery^1.0.3