Package evidence
@selfxyz/[email protected]
Remote Dependency Spec: dependencies.node-forge="github:remicolin/forge#17a11a632dd0e50343b3b8393245a2696f78afbb"
Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Weekly downloads
- 934
- Versions published
- 9
- First published
- Jun 2025
- Publisher
- nicoshark
Recommended action
Review before promotingMixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["@selfxyz/[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["@selfxyz/[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
Remote Dependency Spec: dependencies.node-forge="github:remicolin/forge#17a11a632dd0e50343b3b8393245a2696f78afbb"
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk review · score 12 · status changed
Evidence
Static findings
27 static · 0 from release diff · showing high-signal first.
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| medium | Remote Dependency Spec | package.json | dependencies.node-forge="github:remicolin/forge#17a11a632dd0e50343b3b8393245a2696f78afbb" | 12 |
Show all 27 findings (low-signal and informational)
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| medium | Remote Dependency Spec | package.json | dependencies.node-forge="github:remicolin/forge#17a11a632dd0e50343b3b8393245a2696f78afbb" | 12 |
| low | Obfuscation Density | package/dist/cjs/index.cjs | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/dist/cjs/src/constants/skiPem.cjs | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/dist/cjs/src/utils/csca.cjs | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/dist/cjs/src/utils/index.cjs | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/dist/cjs/src/utils/passports/core.cjs | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/dist/cjs/src/utils/passports/genMockIdDoc.cjs | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/dist/cjs/src/utils/passports/genMockPassportData.cjs | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/dist/cjs/src/utils/passports/index.cjs | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/dist/cjs/src/utils/passports/mock.cjs | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/dist/cjs/src/utils/passports/mockGeneration.cjs | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/dist/cjs/src/utils/passports/passport.cjs | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/dist/cjs/src/utils/passports/passport_parsing/parseDscCertificateData.cjs | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/dist/cjs/src/utils/trees.cjs | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/dist/esm/index.js | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/dist/esm/src/constants/skiPem.js | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/dist/esm/src/utils/csca.js | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/dist/esm/src/utils/index.js | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/dist/esm/src/utils/passports/core.js | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/dist/esm/src/utils/passports/genMockIdDoc.js | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/dist/esm/src/utils/passports/genMockPassportData.js | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/dist/esm/src/utils/passports/index.js | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/dist/esm/src/utils/passports/mock.js | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/dist/esm/src/utils/passports/mockGeneration.js | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/dist/esm/src/utils/passports/passport.js | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/dist/esm/src/utils/passports/passport_parsing/parseDscCertificateData.js | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/dist/esm/src/utils/trees.js | high encoded/escaped-token density | 0 |
Manifest
Package metadata
Scripts17
buildtsup && yarn build:types && yarn postbuildbuild:typestsc -p tsconfig.json --emitDeclarationOnly && tsc -p tsconfig.cjs.json --emitDeclarationOnlybuild:watchtsup --watchformatprettier --write .lintprettier --check .lint:importsyarn eslint --fix .lint:imports:checkyarn eslint .niceyarn format && yarn lint:importsnice:checkyarn lint && yarn lint:imports:checkpostbuildnode ./scripts/postBuild.mjsprepublishOnlyyarn buildtestvitest runtest:exportsnode scripts/validateExports.js && node scripts/testExports.jstest:scopevitest run tests/scope.test.tstest:uivitest --uitest:watchvitesttypestsc -p tsconfig.json
Dependencies29
@anon-aadhaar/corenpm:@selfxyz/anon-aadhaar-core@^0.0.1@openpassport/zk-kit-imt^0.0.5@openpassport/zk-kit-lean-imt^0.0.6@openpassport/zk-kit-smt^0.0.1@peculiar/x509^1.12.3@stablelib/cbor^2.0.1asn1.js^5.4.1asn1js^3.0.5axios^1.7.2buffer^6.0.3country-emoji^1.5.6country-iso-3-to-2^1.1.1elliptic^6.5.5ethers^6.14.4fs^0.0.1-securityhash.js^1.1.7i18n-iso-countries^7.13.0js-sha1^0.7.0js-sha256^0.11.0js-sha512^0.9.0json-to-ts^2.1.0jsrsasign^11.1.0node-forgegithub:remicolin/forge#17a11a632dd0e50343b3b8393245a2696f78afbbpath^0.12.7pkijs^3.2.4poseidon-lite^0.2.0snarkjs^0.7.5typescript-parser^2.6.1uuid^11.1.0