Package evidence
[email protected]
Remote Dependency Spec: devDependencies.parallelshell="github:darkguy2008/parallelshell#8fd83e2"
Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Weekly downloads
- 138
- Versions published
- 102Mature · −50% score
- First published
- Jan 2017
- Publisher
- gregorybesson
Effective trust discount applied: −50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.
Recommended action
Review before promotingMixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
Remote Dependency Spec: devDependencies.parallelshell="github:darkguy2008/parallelshell#8fd83e2"
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk review · score 5 · status changed
Evidence
Static findings
4 static · 0 from release diff · showing high-signal first.
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| medium | Remote Dependency Spec | package.json | devDependencies.parallelshell="github:darkguy2008/parallelshell#8fd83e2" | 8 |
Show all 4 findings (low-signal and informational)
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| medium | Remote Dependency Spec | package.json | devDependencies.parallelshell="github:darkguy2008/parallelshell#8fd83e2" | 8 |
| low | Credential file access | package/dist/cli/cms/operations/initSite.js | matched "id_rsa" | 5 |
| low | Credential file access | package/src/cli/cms/operations/initSite.js | matched "id_rsa" | 5 |
| low | Large Javascript Payload | package/scripts/abe-type-code/partials/sass.worker.js | 3459549 bytes | 0 |
Manifest
Package metadata
Scripts22
build:frontnpm run js:admin && npm run js:users && npm run js:engine && npm run sasscompile./node_modules/.bin/babel --presets @babel/preset-env -d dist/ src/devnode src/tasks/nodemon.js & npm run watch --kill-othersdistributenpm run build:front && npm run compile && npm run mvassetinstall-seleniumnode nightwatch.conf.jsjs:adminbrowserify -t [ babelify --presets [ @babel/preset-env ] ] src/server/public/abecms/scripts/admin.js -o src/server/public/abecms/scripts/admin-compiled.jsjs:enginebrowserify -t [ babelify --presets [ @babel/preset-env ] ] src/server/public/abecms/scripts/template-engine.js -o src/server/public/abecms/scripts/template-engine-compiled.jsjs:usersbrowserify -t [ babelify --presets [ @babel/preset-env ] ] src/server/public/abecms/scripts/user-login.js -o src/server/public/abecms/scripts/user-login-compiled.jslinteslint --fix --quiet --env node src/mvassetmkdirp dist/server/public/abecms && cp -r src/server/locale dist/server && cp -r src/server/views dist/server && cp -r src/server/public/abecms/css dist/server/public/abecms && cp -r src/server/public/abecms/libs dist/server/public/abecms && cp -r src/server/public/abecms/vendors dist/server/public/abecms && cp -r src/server/public/abecms/fonts dist/server/public/abecms && cp -r src/server/public/abecms/image dist/server/public/abecms && cp -r src/server/public/abecms/scripts dist/server/public/abecms && cp -r src/cli/core/config/config.json dist/cli/core/config/config.jsonopencvgithub:peterbraden/node-opencvposttest-e2ekill -9 $(lsof -ti tcp:3003)postversiongit push origin master --follow-tags && npm publishpretest-e2eROOT=$PWD/tests/demo ./dist/index.js serve -p 3003 &preversionnpm run distributesassnode ./src/tasks/sass.jstestmocha --recursive --require @babel/register --require babel-polyfill --exit tests/unittest-covnyc _mocha -- --recursive --require @babel/register --require babel-polyfill --exit tests/unittest-coverallsnyc _mocha -- --recursive --require @babel/register --require babel-polyfill --exit tests/unit && nyc report --reporter=text-lcov | ./node_modules/coveralls/bin/coveralls.js && rm -rf ./coveragetest-e2esleep 6 && node_modules/.bin/nightwatch --config nightwatch.conf.jswatch./node_modules/.bin/parallelshell './node_modules/.bin/watchify -v -t [ babelify --presets [ @babel/preset-env ] ] src/server/public/abecms/scripts/template-engine.js -o src/server/public/abecms/scripts/template-engine-compiled.js' './node_modules/.bin/watchify -v -t [ babelify --presets [ @babel/preset-env ] ] src/server/public/abecms/scripts/admin.js -o src/server/public/abecms/scripts/admin-compiled.js' './node_modules/.bin/watchify -v -t [ babelify --presets [ @babel/preset-env ] ] src/server/public/abecms/scripts/user-login.js -o src/server/public/abecms/scripts/user-login-compiled.js' 'npm run watch:sass'watch:sass./node_modules/.bin/watch 'npm run sass' ./src/server/sass
Dependencies68
@babel/runtime^7.18.9bcrypt-nodejs0.0.3bluebird^3.7.2body-parser^1.20.0child-process-promise^2.2.1cli-color^2.0.3commander^9.4.0connect-busboy^1.0.0connect-flash^0.1.1cookie-parser^1.4.6cookies^0.8.0csurf^1.11.0debug^4.3.4dir-compare^4.0.0dragula^3.7.3express^4.18.1express-handlebars^6.0.6express-session^1.17.3express-validator^6.14.2extend^3.0.2extract-zip^2.0.1fs-compare0.0.4fs-extra^10.1.0handlebars^4.7.7handlebars-helper-slugify^0.3.2handlebars-helpers^0.10.0handlebars-intl^1.1.2handlebars-layouts^3.1.4helmet^6.0.0helper-markdown^1.0.0- …and 38 more.