Package evidence

@swarm.ing/[email protected]

Large Javascript Payload: 9922528 bytes

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads: 760
Versions published: 22
First published: Apr 2026
Publisher: GitHub ActionsTrusted automation · −70% score

Effective trust discount applied: −70% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Review before promoting

Mixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.

Inspect tarball Add to CI gate

Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@swarm.ing/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@swarm.ing/[email protected]"],"fail_on":"review"}'

PublisherGitHub Actions

Artifact bytes1,864,738

Previous version2.0.32

Published2026-05-25T10:19:19.982Z

SHA-256513ae0d7c2e8dd2686220e4e51ac6044c26cad2d5ef616c4c16f9f3ff2eafcfe

Why flagged

What the scanner saw

Large Javascript Payload: 9922528 bytes

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

review

19d agoLast checked

reviewRisk

3Score

2.0.33Version

Status history (1 event)

new → available19d ago · risk review · score 3 · status changed

Evidence

Static findings

1 static · 0 from release diff · showing high-signal first.

Severity	Kind	Path	Detail	Points
medium	Large Javascript Payload	package/dist/cli.js	9922528 bytes	10

Manifest

Package metadata

Scripts44

buildrm -rf ./dist && rm -rf pieui-*.tgz && bun run build:clean && NODE_ENV=production bun run build:esm && NODE_ENV=production bun run build:cjs && NODE_ENV=production bun run build:components:esm && NODE_ENV=production bun run build:components:cjs && NODE_ENV=production bun run build:storybook:esm && NODE_ENV=production bun run build:storybook:cjs && NODE_ENV=production bun run build:storybook:addon:esm && NODE_ENV=production bun run build:storybook:addon:cjs && NODE_ENV=production bun run build:storybook:addon:preset && bun run build:banner && NODE_ENV=production bun run build:types && NODE_ENV=production bun run build:cli && bun src/cli.ts postbuild --src-dir src --out-dir dist && bun pm pack
build:bannernode -e "const fs=require('fs');['dist/index.esm.js','dist/index.js','dist/components/index.esm.js','dist/components/index.js','dist/storybook/index.esm.js','dist/storybook/index.js','dist/storybook/addon/index.esm.js','dist/storybook/addon/index.js'].forEach(f=>{if(fs.existsSync(f)){fs.writeFileSync(f,'\"use client\";\n'+fs.readFileSync(f,'utf8'))}})"
build:cjsbun build src/index.ts --outfile dist/index.js --format cjs --target node --jsx=automatic --jsx-import-source=react --minify --packages=external
build:cjs:debugbun build src/index.ts --outfile dist/index.js --format cjs --target node --jsx=automatic --jsx-import-source=react --packages=external
build:cleanrm -rf dist
build:clibun build src/cli.ts --outfile dist/cli.js --format cjs --target node --external vm2 && mkdir -p dist/code && cp -R src/code/public dist/code/
build:components:cjsbun build src/components/index.ts --outfile dist/components/index.js --format cjs --target node --jsx=automatic --jsx-import-source=react --minify --packages=external
build:components:cjs:debugbun build src/components/index.ts --outfile dist/components/index.js --format cjs --target node --jsx=automatic --jsx-import-source=react --packages=external
build:components:esmbun build src/components/index.ts --outfile dist/components/index.esm.js --format esm --target browser --jsx=automatic --jsx-import-source=react --minify --packages=external
build:components:esm:debugbun build src/components/index.ts --outfile dist/components/index.esm.js --format esm --target browser --jsx=automatic --jsx-import-source=react --packages=external
build:debugrm -rf ./dist && rm -rf pieui-*.tgz && bun run build:clean && NODE_ENV=production bun run build:esm:debug && NODE_ENV=production bun run build:cjs:debug && NODE_ENV=production bun run build:components:esm:debug && NODE_ENV=production bun run build:components:cjs:debug && NODE_ENV=production bun run build:types && NODE_ENV=production bun run build:cli && bun src/cli.ts postbuild --src-dir src --out-dir dist && bun pm pack
build:esmbun build src/index.ts --outfile dist/index.esm.js --format esm --target browser --jsx=automatic --jsx-import-source=react --minify --packages=external
build:esm:debugbun build src/index.ts --outfile dist/index.esm.js --format esm --target browser --jsx=automatic --jsx-import-source=react --packages=external
build:storybook:addon:cjsbun build src/storybook/addon/index.tsx --outfile dist/storybook/addon/index.js --format cjs --target node --jsx=automatic --jsx-import-source=react --minify --packages=external
build:storybook:addon:esmbun build src/storybook/addon/index.tsx --outfile dist/storybook/addon/index.esm.js --format esm --target browser --jsx=automatic --jsx-import-source=react --minify --packages=external
build:storybook:addon:manager:cjsbun build src/storybook/addon/manager.tsx --outfile dist/storybook/addon/manager.js --format cjs --target node --jsx=automatic --jsx-import-source=react --minify --packages=external
build:storybook:addon:manager:esmbun build src/storybook/addon/manager.tsx --outfile dist/storybook/addon/manager.esm.js --format esm --target browser --jsx=automatic --jsx-import-source=react --minify --packages=external
build:storybook:addon:presetmkdir -p dist/storybook/addon && cp src/storybook/addon/preset.cjs dist/storybook/addon/preset.js
build:storybook:cjsbun build src/storybook/index.tsx --outfile dist/storybook/index.js --format cjs --target node --jsx=automatic --jsx-import-source=react --minify --packages=external
build:storybook:esmbun build src/storybook/index.tsx --outfile dist/storybook/index.esm.js --format esm --target browser --jsx=automatic --jsx-import-source=react --minify --packages=external
build:typestsc --emitDeclarationOnly
devbun run src/index.ts
lintprettier --write ./
prepublishOnlybun run build
publish:betanpm publish --tag beta
publish:npmnpm publish
releasenpm version patch && git push && git push --tags
release:dry-runnpm publish --dry-run
release:majornpm version major && git push --tags
release:minornpm version minor && git push --tags
…and 14 more.

Dependencies17

@openai/agents^0.4.5
@tanstack/react-query^5.90.20
@telegram-apps/sdk^3.11.8
annyang^2.6.1
axios^1.15.0
axios-date-transformer^1.2.1
centrifuge^5.5.3
clsx^2.1.1
html-react-parser^5.2.16
jszip^3.10.1
mitt^3.0.1
react-toastify^11.0.5
socket.io-client^4.8.3
tailwind-merge^3.4.0
vm2^3.10.3
zod^4.3.6
zod-from-json-schema^0.5.2