PkgRadar

Package evidence

@unstoppabledomains/[email protected]

Remote Payload: matched "raw.githubusercontent.com"

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Versions published
18Established · −30% score
First published
Sep 2025
Publisher
vbuleiko

Effective trust discount applied: 30% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Review before promoting

Mixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@unstoppabledomains/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@unstoppabledomains/[email protected]"],"fail_on":"review"}'
Publishervbuleiko
Artifact bytes2,612,848
Previous version1.0.17
Published2026-04-23T12:46:49.187Z
SHA-256d45355db31be2a6ca1e1d1a00429de9c399aac3391a8d76b901263e5d61f159d

Why flagged

What the scanner saw

Remote Payload: matched "raw.githubusercontent.com"

1 remote tarball(s) were followed statically.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

review
Last checked
reviewRisk
17Score
1.0.18Version
Status history (1 event)
  1. newavailable · risk review · score 17 · status changed

Evidence

Static findings

3 static · 0 from release diff · showing high-signal first.

SeverityKindPathDetailPoints
mediumRemote Payloadpackage/dist/sandbox/foundry/foundryup.shmatched "raw.githubusercontent.com"12
mediumRemote Dependency Specpackage.jsondevDependencies.dot-crypto="https://github.com/unstoppabledomains/dot-crypto.git#v2.0.1"8
Show all 3 findings (low-signal and informational)
SeverityKindPathDetailPoints
mediumRemote Payloadpackage/dist/sandbox/foundry/foundryup.shmatched "raw.githubusercontent.com"12
mediumRemote Dependency Specpackage.jsondevDependencies.dot-crypto="https://github.com/unstoppabledomains/dot-crypto.git#v2.0.1"8
lowInstall-time lifecycle scriptpackage.jsonpostinstall="[ ! -d ./.git ] || yarn husky install"5

Remote payloads

Followed remote artifacts

SourceURLRiskScoreSummary
devDependencies.dot-cryptohttps://github.com/unstoppabledomains/dot-crypto.git#v2.0.1error0invalid gzip header

Manifest

Package metadata

Scripts30
  • analyzeslither . --hardhat-artifacts-directory ./.artifacts --sarif slither.sarif --config-file .slither.json
  • build:ciyarn build:package && yarn rebuild:sandbox && yarn copy:assets
  • build:packageyarn compile; rm -Rf dist/*; tsc --project tsconfig.build.json
  • compilehardhat compile --force;
  • copy:assetsmkdir -p dist/sandbox/foundry/bin; cp sandbox/foundry/bin/.gitkeep dist/sandbox/foundry/bin/.gitkeep; cp sandbox/state.json dist/sandbox/; cp sandbox/foundry/foundryup.sh dist/sandbox/foundry;
  • coveragenode --max-old-space-size=8192 ./node_modules/.bin/hardhat coverage
  • deploy:amoyhardhat run --network amoy scripts/deploy.ts
  • deploy:localhosthardhat run --network localhost scripts/deploy.ts
  • deploy:mainnethardhat run --network mainnet scripts/deploy_UNS.ts
  • deploy:mainnet:ltohardhat run --network polygon scripts/deploy_LTOCustody.ts
  • deploy:sepoliahardhat run --network sepolia scripts/deploy.ts
  • gas-reportenv ENABLE_GAS_REPORT=true yarn test:sol
  • lintyarn lint:ts && yarn lint:sol
  • lint:fixyarn lint:ts:fix && yarn lint:sol:fix
  • lint:solsolhint 'contracts/**/*.sol' && prettier -c 'contracts/**/*.sol'
  • lint:sol:fixprettier --write "contracts/**/*.sol"
  • lint:tseslint --ignore-path .gitignore .
  • lint:ts:fixyarn prettier:ts:fix && eslint --ignore-path .gitignore . --fix
  • make:umlnpx sol2uml ./contracts -b UNSRegistry,MintingManager,ProxyReader -o ./assets/uns.svg -i ./contracts/mocks
  • postinstall[ ! -d ./.git ] || yarn husky install
  • prettier:ts:checkprettier --check --config ./.prettierrc --ignore-path ./.prettierignore "./**/*.ts"
  • prettier:ts:fixprettier --write -l --config ./.prettierrc --ignore-path ./.prettierignore "./**/*.ts"
  • rebuild:sandboxenv HARDHAT_NETWORK=sandbox DEBUG='UNS:*' ts-node --files ./sandbox/rebuild.ts
  • start:nodehardhat node
  • testyarn test:sol && yarn test:sandbox
  • test:sandboxenv HARDHAT_NETWORK=sandbox mocha --timeout 100000 --require ts-node/register --exit ./sandbox/**/*.test.ts
  • test:solhardhat test --typecheck
  • upgrade:localhosthardhat run --network localhost scripts/upgrade.ts
  • upgrade:mainnethardhat run --network mainnet scripts/upgrade.ts
  • upgrade:sepoliahardhat run --network sepolia scripts/upgrade.ts
Dependencies6
  • @ensdomains/address-encoder^0.2.22
  • bip39^3.0.0
  • bip44-constants^243.0.0
  • ethers^6.14.4
  • hdkey^2.0.1
  • web3^1.7.4