Recommended action
Block this updateStatic evidence trips multiple high-signal indicators. Quarantine the release until the publisher validates the change or you can rule out the indicators below.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["@specverse/[email protected]"],"fail_on":"high"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["@specverse/[email protected]"],"fail_on":"high"}'Why flagged
What the scanner saw
Credential file access: matched ".aws"
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk high · score 57 · status changed
Related candidates
Linked campaigns and clusters
cainen
6 members · evidence strength 79Evidence
Static findings
10 static · 0 from release diff · showing high-signal first.
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| high | Credential file access | package/prompts/core/standard/v5/realize.prompt.yaml | matched ".aws" | 30 |
Show all 10 findings (low-signal and informational)
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| high | Credential file access | package/prompts/core/standard/v5/realize.prompt.yaml | matched ".aws" | 30 |
| low | Obfuscation | package/scripts/maintenance/convert-library-yaml-to-v31.js | matched "\\x1b" | 3 |
| low | Obfuscation | package/dist/registry/formatters/error-formatter.js | matched "\\x1b" | 3 |
| low | Obfuscation | package/templates/backend-only/generated/code/integration-test.template.js | matched "\\x1b" | 3 |
| low | Obfuscation | package/templates/default/generated/code/integration-test.template.js | matched "\\x1b" | 3 |
| low | Obfuscation | package/templates/frontend-only/generated/code/integration-test.template.js | matched "\\x1b" | 3 |
| low | Obfuscation | package/templates/full-stack/generated/code/integration-test.template.js | matched "\\x1b" | 3 |
| low | Obfuscation | package/scripts/test/run-all-tests.js | matched "\\x1b" | 3 |
| low | Obfuscation | package/dist/cli/specverse-cli.js | matched "\\x1b" | 3 |
| low | Obfuscation | package/scripts/test/validate-all-specly.js | matched "\\x1b" | 3 |
Manifest
Package metadata
Scripts32
_comment_generatedAfter realize:all, run 'test:generated:run' to set up the generated project_comment_realizeUse 'realize:all' to generate complete runnable project (ORM, services, routes, scaffolding, main.ts)buildnpm run validate && npm run inferbuild:completenpm run validate && npm run infer && npm run infer:deployment && npm run generate:diagrams && npm run generate:docsbuild:fullnpm run validate && npm run infer:deployment && npm run generate:diagramsdevnpm run validate && npm run inferformatspecverse dev format specs/main.specly --writegenerate:completenpm run infer && npm run infer:docsgenerate:diagram:architecturespecverse gen diagram specs/main.specly -t model-architecture -o docs/diagrams/architecture.mmdgenerate:diagram:deploymentspecverse gen diagram specs/main.specly -t deployment-topology -o docs/diagrams/deployment.mmdgenerate:diagram:erspecverse gen diagram specs/main.specly -t er-diagram -o docs/diagrams/er-diagram.mmdgenerate:diagram:event-flowspecverse gen diagram specs/main.specly -t event-flow-layered -o docs/diagrams/event-flow-layered.mmdgenerate:diagram:lifecyclespecverse gen diagram specs/main.specly -t lifecycle -o docs/diagrams/lifecycle.mmdgenerate:diagramsspecverse gen diagram specs/main.specly --output docs/diagramsgenerate:docsspecverse gen docs specs/main.specly --output docs/main-docs.mdinferspecverse infer specs/main.specly -o generated/{{projectNameKebab}}-complete.speclyinfer:deploymentspecverse infer specs/main.specly --deployment --environment development -o generated/{{projectNameKebab}}-deployed.speclyinfer:deployment:docsspecverse gen docs generated/{{projectNameKebab}}-deployed.specly --output generated/docs/deployed-docs.md && specverse gen diagram generated/{{projectNameKebab}}-deployed.specly --output generated/docs/deployed-diagramsinfer:deployment:prodspecverse infer specs/main.specly --deployment --environment production -o generated/{{projectNameKebab}}-deployed-prod.speclyinfer:deployment:prod:docsspecverse gen docs generated/{{projectNameKebab}}-deployed-prod.specly --output generated/docs/deployed-prod-docs.md && specverse gen diagram generated/{{projectNameKebab}}-deployed-prod.specly --output generated/docs/deployed-prod-diagramsinfer:docsspecverse gen docs generated/{{projectNameKebab}}-complete.specly --output generated/docs/complete-docs.md && specverse gen diagram generated/{{projectNameKebab}}-complete.specly --output generated/docs/complete-diagramsprocessspecverse gen yaml specs/main.specly -o generated/{{projectNameKebab}}-processed.yamlrealize:allspecverse realize all specs/main.specly -m manifests/implementation.yaml -o generated/coderealize:ormspecverse realize orm specs/main.specly -m manifests/implementation.yamlrealize:routesspecverse realize routes specs/main.specly -m manifests/implementation.yamlrealize:servicesspecverse realize services specs/main.specly -m manifests/implementation.yamltest./scripts/test-all.shtest:generated:compilecd generated/code && npx tsc --noEmit --skipLibCheck 2>&1 || echo 'TypeScript compilation check (some errors expected without npm install)'test:generated:runcd generated/code && npm install && npm run db:generate && echo 'Generated code is ready to run with: npm run dev'validatespecverse validate specs/main.specly- …and 2 more.