Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Weekly downloads
- 179
- Versions published
- 10
- First published
- Jan 2026
- Publisher
- simon_he
Recommended action
Review before promotingMixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["@simon_he/[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["@simon_he/[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
Obfuscation Density: high encoded/escaped-token density
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk review · score 12 · status changed
Evidence
Static findings
1 static · 0 from release diff · showing high-signal first.
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| medium | Obfuscation Density | package/dist/markdown.cjs | high encoded/escaped-token density | 12 |
Manifest
Package metadata
Scripts73
api:check-manifesttsx scripts/check-api-manifest.tsapi:difftsx scripts/diff-api-manifest.tsbench:baselinetsx scripts/check-bench-baselines.tsbench:baseline:timingBENCH_TIMING=1 tsx scripts/check-bench-baselines.tsbench:dom-renderertsx scripts/bench-dom-renderer.tsbench:phase2tsx scripts/bench-phase2.tsbench:scroll-mailboxtsx scripts/bench-scroll-mailbox.tsbench:vfortsx scripts/bench-vfor.tsbuildpnpm run build:checkedbuild:checkednode scripts/run-build-checked.mjs && node scripts/check-build-warnings.mjs .tmp/build.logbuild:examplespnpm run build && pnpm -C examples/basic buildbuild:examples:terminalpnpm run build && pnpm -C examples/basic build:terminalbuild:fastpnpm run build:rawbuild:rawrimraf dist && tsdown && node scripts/build-cjs.mjs && tsc -p tsconfig.build.json --emitDeclarationOnly && node scripts/fix-vue-dts-compat.mjs && node scripts/create-cjs-dts.mjscheck:dist-dtsnode scripts/check-dist-dts.mjscheck:hidden-unicodenode scripts/check-hidden-unicode.cjscheck:tracked-build-outputnode scripts/check-tracked-build-output.cjsdevtsdown --watchdocs:buildpnpm run docs:gen && pnpm run docs:check-public-descriptions && pnpm run api:check-manifest && vitepress build docsdocs:check-public-descriptionstsx scripts/check-public-api-docs.tsdocs:devpnpm run docs:gen && vitepress dev docsdocs:gentsx scripts/generate-component-api-docs.tsdocs:previewvitepress preview docse2eplaywright test --project=smokee2e:browser-regressionsplaywright test --project=browser-regressions-chromium --project=browser-regressions-firefox --project=browser-regressions-webkite2e:smokeplaywright test --project=smokeexample:agent-consolepnpm run build && pnpm -C examples/agent-console devexample:agent-console:smokepnpm run build && pnpm -C examples/agent-console smokeexample:agent-console:terminalpnpm run build && pnpm -C examples/agent-console terminalexample:agent-console:terminal:smokepnpm run build && pnpm -C examples/agent-console terminal:smoke- …and 43 more.
Dependencies1
stream-markdown-parser1.0.0