Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Versions published
- 99
- First published
- Apr 2026
- Publisher
- waydelyle
Recommended action
Review before promotingMixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["@swarmvaultai/[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["@swarmvaultai/[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
Credential file access: matched "aws_access_key"
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk review · score 50 · status changed
Evidence
Static findings
20 static · 0 from release diff · showing high-signal first.
No high-signal findings — see all findings below.
Show all 20 findings (low-signal and informational)
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| low | Credential file access | package/dist/chunk-2PN46RDI.js | matched "aws_access_key" | 5 |
| low | Credential file access | package/dist/chunk-563TZ4TZ.js | matched "aws_access_key" | 5 |
| low | Credential file access | package/dist/chunk-5GEPTIZE.js | matched "aws_access_key" | 5 |
| low | Credential file access | package/dist/chunk-CSPDMCON.js | matched "aws_access_key" | 5 |
| low | Credential file access | package/dist/chunk-CVFY54CF.js | matched "aws_access_key" | 5 |
| low | Credential file access | package/dist/chunk-DAJAZPPO.js | matched "aws_access_key" | 5 |
| low | Credential file access | package/dist/chunk-HKU2T5JX.js | matched "aws_access_key" | 5 |
| low | Credential file access | package/dist/chunk-JJDJF2P3.js | matched "aws_access_key" | 5 |
| low | Credential file access | package/dist/chunk-JTRE7C7P.js | matched "aws_access_key" | 5 |
| low | Credential file access | package/dist/chunk-L7DKPPV4.js | matched "aws_access_key" | 5 |
| low | Credential file access | package/dist/chunk-RN56HUXA.js | matched "aws_access_key" | 5 |
| low | Credential file access | package/dist/chunk-S2E65WRI.js | matched "aws_access_key" | 5 |
| low | Credential file access | package/dist/chunk-TQIIJVVG.js | matched "aws_access_key" | 5 |
| low | Credential file access | package/dist/chunk-U7JO257M.js | matched "aws_access_key" | 5 |
| low | Credential file access | package/dist/chunk-USSP4GVB.js | matched "aws_access_key" | 5 |
| low | Credential file access | package/dist/chunk-V7KX3AQD.js | matched "aws_access_key" | 5 |
| low | Credential file access | package/dist/chunk-WOA5LSNB.js | matched "aws_access_key" | 5 |
| low | Credential file access | package/dist/chunk-WWP3VPEJ.js | matched "aws_access_key" | 5 |
| low | Credential file access | package/dist/chunk-YFKWMXJ6.js | matched "aws_access_key" | 5 |
| low | Credential file access | package/dist/chunk-Z552HHPV.js | matched "aws_access_key" | 5 |
Manifest
Package metadata
Scripts5
buildtest -f ../viewer/dist/index.html || pnpm --dir ../viewer build; tsup src/index.ts --format esm --dts && tsup --config tsup.hooks.config.ts && node ../../scripts/copy-engine-grammar-assets.mjs && rm -rf dist/viewer && mkdir -p dist/viewer && cp -R ../viewer/dist/. dist/viewer/prepublishOnlynode ../../scripts/check-release-sync.mjs && node ../../scripts/check-published-manifests.mjspretesttsup --config tsup.hooks.config.tstestSWARMVAULT_ALLOW_PRIVATE_URLS=1 vitest run --testTimeout=30000typechecktsc --noEmit
Dependencies38
@asciidoctor/core^3.0.4@modelcontextprotocol/sdk^1.29.0@mozilla/readability^0.6.0@retorquere/bibtex-parser^9.0.29@vscode/tree-sitter-wasm^0.3.1chokidar^4.0.3compromise^14.14.4csv-parse^6.2.1fast-xml-parser^5.8.0fflate^0.8.2graphology^0.26.0graphology-communities-louvain^2.0.2gray-matter^4.0.3ignore^7.0.5ini^6.0.0istextorbinary^9.5.0jsdom^27.0.0mailparser^3.9.8mammoth^1.12.0mdast-util-from-markdown^2.0.3mime-types^3.0.1neo4j-driver^5.28.3node-ical^0.26.0node-mbox^2.0.0node-sql-parser^5.4.0orga^4.7.1pdfjs-dist^5.4.394rtf-parser^1.3.3smol-toml^1.6.1subtitle^4.2.2- …and 8 more.