PkgRadar

Package evidence

@yrda/[email protected]

New Account With Lifecycle Hook: package first published 47 day(s) ago, 3 total version(s), has lifecycle hook

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads
18
Versions published
3
First published
Apr 2026
Publisher
haukur

Recommended action

Review before promoting

Mixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@yrda/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@yrda/[email protected]"],"fail_on":"review"}'
Publisherhaukur
Artifact bytes77,920,583
Previous version0.1.0-next.0
Published2026-04-30T22:58:50.556Z
SHA-256

Why flagged

What the scanner saw

New Account With Lifecycle Hook: package first published 47 day(s) ago, 3 total version(s), has lifecycle hook

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

review
Last checked
reviewRisk
5Score
0.1.0-next.1Version
Status history (1 event)
  1. newavailable · risk review · score 5 · status changed

Evidence

Static findings

3 static · 0 from release diff · showing high-signal first.

SeverityKindPathDetailPoints
mediumNew Account With Lifecycle Hookpackage.jsonpackage first published 47 day(s) ago, 3 total version(s), has lifecycle hook10
Show all 3 findings (low-signal and informational)
SeverityKindPathDetailPoints
mediumNew Account With Lifecycle Hookpackage.jsonpackage first published 47 day(s) ago, 3 total version(s), has lifecycle hook10
lowInstall-time lifecycle scriptpackage.jsonpostinstall="bun run ./skriftur/afþjappa-pakkaðan-kjarna.mjs || node ./skriftur/afþjappa-pakkaðan-kjarna.mjs"5
lowOversized Unscannedmanifesttarball exceeds the 50MB fetch cap; scanned registry metadata (install scripts + dependencies) only0

Manifest

Package metadata

Scripts28
  • afköstbun run ./viðmið/smíða-afköst.ts
  • afþjappa:kjarnabun run ./skriftur/afþjappa-pakkaðan-kjarna.mjs
  • dauður-kóðibunx --bun knip
  • docker:node-reykprófdocker compose run --build --rm node-reykprof
  • docker:prófdocker compose run --build --rm yrda-beygir bun test
  • docker:smíða:kjarnadocker compose run --build --rm yrda-beygir bun run ./skriftur/smíða-kjarna.ts /gögn
  • docker:viðmiðdocker compose run --build --rm yrda-beygir bun run viðmið
  • eslintbunx --bun eslint .
  • kembabun run prettier:laga && bun run smíða:skráarsnið --athuga && bun run eslint && bun run tsc && bun run dauður-kóði
  • kemba:skoðabun run smíða:skráarsnið --athuga && bun run prettier:athuga && bun run eslint && bun run tsc && bun run dauður-kóði
  • mæla:kjarnagagnalesturbun run ./skriftur/mæla-kjarnagagnalestur.ts
  • postinstallbun run ./skriftur/afþjappa-pakkaðan-kjarna.mjs || node ./skriftur/afþjappa-pakkaðan-kjarna.mjs
  • prepackbun run ./skriftur/undirbúa-pökkun.mjs
  • prettier:athugabunx --bun prettier --check .
  • prettier:lagabunx --bun prettier --write .
  • prófbun test
  • skjölbunx --bun typedoc --options typedoc/typedoc.json
  • smíða:kjarnabun run ./skriftur/smíða-kjarna.ts .gögn
  • smíða:kjarna:þjappabun run ./skriftur/smíða-kjarna.ts .gögn --þjappa
  • smíða:nodebun run ./skriftur/smíða-node-dreifingu.ts
  • smíða:skráarsniðbun run ./skriftur/smíða-skráarsnið.ts
  • smíða:uppflettisettbun run ./viðmið/gögn/smíða-föst-uppflettisett.ts
  • sækja:gögnbun run ./skriftur/sækja-kristínarsnið.ts .gögn
  • tscbunx --bun tsc --noEmit
  • uppfæra:gagnaskyndiminni./skriftur/uppfæra-kristínarsnið-gagnaskyndiminni.sh
  • viðmiðbun run ./viðmið/keyra.ts
  • viðmið:aðhvarfsgreiningbun run ./viðmið/aðhvarfsgreining.ts
  • þjappa:kjarnabun run ./skriftur/þjappa-pakkaðan-kjarna.mjs