Recommended action
Block this updateStatic evidence trips multiple high-signal indicators. Quarantine the release until the publisher validates the change or you can rule out the indicators below.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["@vultisig/[email protected]"],"fail_on":"high"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["@vultisig/[email protected]"],"fail_on":"high"}'Why flagged
What the scanner saw
Large Javascript Payload: 2590017 bytes
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk high · score 50 · status changed
Related candidates
Linked campaigns and clusters
rcoderdev
12 members · evidence strength 78Evidence
Static findings
5 static · 0 from release diff · showing high-signal first.
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| medium | Large Javascript Payload | package/dist/index.browser.js | 2590017 bytes | 10 |
| medium | Large Javascript Payload | package/dist/index.chrome-extension.js | 2586302 bytes | 10 |
| medium | Large Javascript Payload | package/dist/index.electron-main.cjs | 2915550 bytes | 10 |
| medium | Large Javascript Payload | package/dist/index.node.cjs | 2915209 bytes | 10 |
| medium | Large Javascript Payload | package/dist/index.node.esm.js | 2904682 bytes | 10 |
Manifest
Package metadata
Scripts51
_____BUILD__________HOOKS__________PLATFORM_BUILDS__________QUALITY__________TEST_BY_TYPE__________TEST_E2E_INDIVIDUAL__________TEST_RUN__________TEST_UTILS__________TEST_WATCH_____buildyarn clean && yarn build:platforms && yarn build:typesbuild:fastyarn clean && BUILD_TARGET=node rollup -c rollup.platforms.config.jsbuild:jsyarn build:platformsbuild:platform:browserBUILD_TARGET=browser rollup -c rollup.platforms.config.jsbuild:platform:chrome-extensionBUILD_TARGET=chrome-extension rollup -c rollup.platforms.config.jsbuild:platform:electronBUILD_TARGET=electron rollup -c rollup.platforms.config.jsbuild:platform:nodeBUILD_TARGET=node rollup -c rollup.platforms.config.jsbuild:platform:react-nativeBUILD_TARGET=react-native rollup -c rollup.platforms.config.jsbuild:platform:viteBUILD_TARGET=vite rollup -c rollup.platforms.config.jsbuild:platformsconcurrently "yarn build:platform:node" "yarn build:platform:browser" "yarn build:platform:electron" "yarn build:platform:chrome-extension" "yarn build:platform:react-native" "yarn build:platform:vite"build:typesrollup -c rollup.types.config.jscleanrm -rf distdevBUILD_TARGET=node rollup -c rollup.platforms.config.js -wlinteslint --config ../../.config/eslint.config.mjs src/**/*.{ts,tsx}lint:fixeslint --config ../../.config/eslint.config.mjs src/**/*.{ts,tsx} --fixprepackecho 'Build skipped for development'prepublishOnlyecho 'Typecheck skipped - CI runs quality checks before publish'testvitest run --config tests/unit/vitest.config.ts tests/unittest:allyarn test:unit && yarn test:integration && yarn test:e2etest:changedvitest related --runtest:coveragevitest run --config tests/unit/vitest.config.ts tests/unit --coverage- …and 21 more.
Dependencies52
7z-wasm^1.2.0@bufbuild/protobuf^2.11.0@coral-xyz/anchor^0.31.1@cosmjs/stargate^0.37.0@formatjs/intl-getcanonicallocales^2.5.0@formatjs/intl-locale^4.2.0@formatjs/intl-numberformat^8.15.0@formatjs/intl-pluralrules^5.4.0@lifi/sdk^3.15.5@mysten/sui^2.3.0@noble/hashes^1.8.0@polkadot/api^16.4.6@scure/bip39^1.6.0@solana/spl-token^0.4.14@solana/web3.js^1.98.4@ton/core^0.63.1@ton/crypto^3.3.0@trustwallet/wallet-core^4.6.9@vultisig/lib-dkls0.9.0@vultisig/lib-mldsa0.9.0@vultisig/lib-schnorr0.9.0@vultisig/mpc-types0.2.3axios^1.16.1bip32^5.0.0bitcoinjs-lib^7.0.0bs58^6.0.0bs58check^4.0.0buffer^6.0.3cbor-x^1.6.0crypto-browserify^3.12.1- …and 22 more.