Package evidence
@system-inc/[email protected]
Suspicious Publish Context: {"package_age_days":0,"publisher":"kamsheffield","burst_same_day":0,"burst_week":0,"lure":{"kind":"token_affix","target":"type"},"version_anomaly":false,"new_account":false}
Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Versions published
- 1
- First published
- Jun 2026
- Publisher
- kamsheffield
Recommended action
Review before promotingMixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["@system-inc/[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["@system-inc/[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
Suspicious Publish Context: {"package_age_days":0,"publisher":"kamsheffield","burst_same_day":0,"burst_week":0,"lure":{"kind":"token_affix","target":"type"},"version_anomaly":false,"new_account":false}
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk review · score 10 · status changed
Evidence
Static findings
1 static · 0 from release diff · showing high-signal first.
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| medium | Suspicious Publish Context | manifest | {"package_age_days":0,"publisher":"kamsheffield","burst_same_day":0,"burst_week":0,"lure":{"kind":"token_affix","target":"type"},"version_anomaly":false,"new_account":false} | 10 |
Manifest
Package metadata
Scripts41
buildnpx tsc --build ./tsconfig.cjs.json ./tsconfig.esm.json ./tsconfig.typings.jsonbuild:benchmarksnpx tsc --build ./benchmarks/tsconfig.jsonchecknpx npm-run-all --npm-path npm "check:*"check:benchmarksnpx tsc --project ./benchmarks/tsconfig.json --noEmitcheck:examplesnpx tsc --project ./examples/tsconfig.json --noEmitcheck:formatnpx prettier --check .check:lintnpx eslint .check:markdownnpx markdownlint "**/*.md"check:scriptnpx shellcheck ./.husky/pre-commitcheck:scriptsnpx tsc --project ./scripts/tsconfig.json --noEmitcheck:spellnpx cspell lint --config cspell.json --no-progress --show-context "**"check:typenpx npm-run-all --npm-path npm "check:type:*"check:type:cjsnpx tsc --project ./tsconfig.cjs.json --noEmitcheck:type:esmnpx tsc --project ./tsconfig.esm.json --noEmitcheck:type:testsnpx tsc --project ./tests/tsconfig.json --noEmitcheck:type:typingsnpx tsc --project ./tsconfig.typings.json --noEmit --emitDeclarationOnly falsecheck:versionnpx ts-node ./scripts/version.tscleannpx npm-run-all --npm-path npm "clean:*"clean:buildnpx shx rm -rf ./buildclean:build:benchmarksnpx shx rm -rf ./benchmarks/buildclean:coveragenpx shx rm -rf ./coveragedocsnpm run start --prefix websitefixnpx npm-run-all --npm-path npm "fix:*"fix:formatnpx prettier --write .fix:lintnpx eslint --fix .fix:markdownnpx markdownlint --fix "**/*.md"gen:docsnpx ts-node ./scripts/markdown.ts --on docsgen:readmenpx ts-node ./scripts/markdown.ts --on readmegen:sponsorkitnpx sponsorkit --width=320 --dir=./images --name=github-sponsorspostbuildnpx shx rm ./build/typings/shim.d.ts && npx shx cp ./src/shim.ts ./build/typings && npx ts-node ./scripts/package.json.ts- …and 11 more.
Dependencies3
@types/node*graphql-query-complexity^1.0.0tslib^2.6.3