Package evidence

@tscircuit/[email protected]

Remote Dependency Spec: devDependencies.@tsci/seveibar.dataset-srj13="git+https://github.com/tscircuit/dataset-srj13.git#56db70039aeb28a76540fe951b5a96be60f9e949"

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Versions published: 584Mature · −50% score
First published: Feb 2025
Publisher: seveibar

Effective trust discount applied: −50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Block this update

Static evidence trips multiple high-signal indicators. Quarantine the release until the publisher validates the change or you can rule out the indicators below.

Inspect tarball Add to CI gate

Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@tscircuit/[email protected]"],"fail_on":"high"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@tscircuit/[email protected]"],"fail_on":"high"}'

Publisherseveibar

Artifact bytes2,110,821

Previous version0.0.588

Published2026-06-12T12:27:36.392Z

SHA-2563c4eae009e6084fdaee7bec7fc42a43a0460fd08d977deeceeb671205637efaf

Why flagged

What the scanner saw

Remote Dependency Spec: devDependencies.@tsci/seveibar.dataset-srj13="git+https://github.com/tscircuit/dataset-srj13.git#56db70039aeb28a76540fe951b5a96be60f9e949"

3 remote tarball(s) were followed statically.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

high

25h agoLast checked

highRisk

58Score

0.0.589Version

Status history (1 event)

new → available25h ago · risk high · score 58 · status changed

Evidence

Static findings

20 static · 0 from release diff · showing high-signal first.

Severity	Kind	Path	Detail	Points
medium	Remote Dependency Spec	package.json	devDependencies.@tsci/seveibar.dataset-srj13="git+https://github.com/tscircuit/dataset-srj13.git#56db70039aeb28a76540fe951b5a96be60f9e949"	8
medium	Remote Dependency Spec	package.json	devDependencies.@tsci/tscircuit.dataset-srj12-bus-routing="git+https://github.com/tscircuit/dataset-srj12-bus-routing.git#ba82f86a7d1288566b7144eb8661ad2549c5f328"	8
medium	Remote Dependency Spec	package.json	devDependencies.@tsci/tscircuit.dataset-srj16-bga-breakouts="git+https://github.com/tscircuit/dataset-srj16-bga-breakouts.git#e8b2e70e1f50a0dba3ad977e140766f53b9b75fb"	8
medium	Remote Dependency Spec	package.json	devDependencies.@tsci/tscircuit.dataset-srj19-bga-passive-overlays="git+https://github.com/tscircuit/dataset-srj19.git#5104d03ed72a9090d76ea1f42ae9f4bc439f7534"	8
medium	Remote Dependency Spec	package.json	devDependencies.@tsci/tscircuit.dataset-srj20-partial-bga-breakouts="git+https://github.com/tscircuit/dataset-srj20.git#9384fb8f45fb479b97178ddfa42fc74c69afbbec"	8
medium	Remote Dependency Spec	package.json	devDependencies.@tscircuit/autorouting-dataset-01="git+https://github.com/tscircuit/autorouting-dataset-01.git#f9c0a8fe11e9bc05064bdafdf61f33eb38fa2b8e"	8
medium	Remote Dependency Spec	package.json	devDependencies.@tscircuit/dataset-srj05="git+https://github.com/tscircuit/dataset-srj05.git#9a49c126a89c083dc4d2b72cd17184735f637762"	8
medium	Remote Dependency Spec	package.json	devDependencies.@tscircuit/fixed-via-hypergraph-solver="https://codeload.github.com/tscircuit/fixed-via-hypergraph-solver/tar.gz/bed37a6201b5dd07c9cc68b828917ecc20d6d049"	8
medium	Remote Dependency Spec	package.json	devDependencies.@tscircuit/high-density-a01="git+https://github.com/tscircuit/high-density-a01.git#9a3a3d"	8
medium	Remote Dependency Spec	package.json	devDependencies.@tscircuit/rectdiff="git+https://github.com/tscircuit/rectdiff.git#4af388d"	8
medium	Remote Dependency Spec	package.json	devDependencies.dataset-srj11-45-degree="git+https://github.com/tscircuit/dataset-srj11-45-degree.git#c49dd43c38f85fa2777c7d67393df413ca8d5a75"	8
medium	Remote Dependency Spec	package.json	devDependencies.dataset-srj18="git+https://github.com/tscircuit/dataset-srj18.git#2891c926c72cede8b60984018f926c3c92c39720"	8
medium	Remote Dependency Spec	package.json	devDependencies.high-density-dataset-z04="git+https://github.com/tscircuit/high-density-dataset-z04.git#b9128ed52f5a50102b6526319be1d4ec33dca2c2"	8
medium	Remote Dependency Spec	package.json	devDependencies.high-density-repair01="git+https://github.com/tscircuit/high-density-repair01.git#44853f591f596fc1ef266e63b90082d409834bf0"	8
medium	Remote Dependency Spec	package.json	devDependencies.high-density-repair02="https://codeload.github.com/tscircuit/high-density-repair02/tar.gz/2afc0cbba3bf2f7eb6b9cd33615d21e9ad9352d4"	8
medium	Remote Dependency Spec	package.json	devDependencies.high-density-repair03="git+https://github.com/tscircuit/high-density-repair03.git#db73a5f"	8
medium	Remote Dependency Spec	package.json	devDependencies.pcb-poly-hyper-graph="https://codeload.github.com/tscircuit/pcb-poly-hyper-graph/tar.gz/80db1463c4a47506eeda15b2c14d59679de900f8"	8
medium	Remote Dependency Spec	package.json	devDependencies.tiny-hypergraph="git+https://github.com/tscircuit/tiny-hypergraph.git#c9aa5b7c9da5e007e2fff5d5c360490551fe3329"	8
medium	Remote Dependency Spec	package.json	devDependencies.tiny-hypergraph-poly="git+https://github.com/tscircuit/tiny-hypergraph.git#7b93b4c"	8
medium	Remote Dependency Spec	package.json	devDependencies.zdwiel-dataset="git+https://github.com/dwiel/tscircuit-benchmark.git#be36518b5bf51755dae92c230061ab3cf4e3e063"	8

Remote payloads

Followed remote artifacts

Source	URL	Risk	Score	Summary
devDependencies.@tscircuit/fixed-via-hypergraph-solver	https://codeload.github.com/tscircuit/fixed-via-hypergraph-solver/tar.gz/bed37a6201b5dd07c9cc68b828917ecc20d6d049	low	0	no remote findings
devDependencies.high-density-repair02	https://codeload.github.com/tscircuit/high-density-repair02/tar.gz/2afc0cbba3bf2f7eb6b9cd33615d21e9ad9352d4	review	8	remote_dependency_spec: devDependencies.dataset-hd08="https://github.com/tscircuit/dataset-hd08"
devDependencies.pcb-poly-hyper-graph	https://codeload.github.com/tscircuit/pcb-poly-hyper-graph/tar.gz/80db1463c4a47506eeda15b2c14d59679de900f8	review	8	remote_dependency_spec: devDependencies.tiny-hypergraph="git+https://github.com/tscircuit/tiny-hypergraph.git#7b93b4c"

Manifest

Package metadata

Scripts10

benchbun test tests/spatial-index-bench.test.ts
bug-reportbun run scripts/download-bug-report.ts
bug-report-with-testbun run scripts/create-bug-report-test.ts
buildtsup ./lib/index.ts --minify terser --external @tscircuit/core --external circuit-to-svg --format esm --dts --sourcemap
formatbiome format --write .
format:checkbiome format .
repomix:librepomix --ignore 'testing/**,**/TwoRouteHighDensitySolver/**,**/RouteStitchingSolver/**,solvers/CapacitySegmentPointOptimizer/CapacitySegmentPointOptimizer.ts' lib
run-samplebun scripts/run-sample.ts
startcosmos
vercel-buildcosmos-export

Dependencies2

fast-json-stable-stringify^2.1.0
object-hash^3.0.0