Package evidence

[email protected]

Obfuscation: matched "\\u0000"

Recommended action

Review before promoting

Mixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.

Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["[email protected]"],"fail_on":"review"}'

Publisherratelworks

Artifact bytes19,234,705

Previous version1.3.1

Published2026-05-22T01:03:31.899Z

SHA-256e1f6ca0786ac6a7d778ad10498c5d79cc3dc7476389fefa2c0db9d8fd0479ae5

Why flagged

What the scanner saw

Obfuscation: matched "\\u0000"

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

review

20d agoLast checked

reviewRisk

3Score

1.4.0Version

Status history (1 event)

new → available20d ago · risk review · score 3 · status changed

Evidence

Static findings

1 static · 0 from release diff · showing high-signal first.

No high-signal findings — see all findings below.

Show all 1 findings (low-signal and informational)

Severity	Kind	Path	Detail	Points
low	Obfuscation	package/build/lib/safety-report-storage.js	matched "\\u0000"	3

Manifest

Package metadata

Scripts69

audittsx scripts/audit/audit-graph-health.ts && tsx scripts/audit/legal-coverage-audit.ts
audit:blocker-contracttsx scripts/audit/audit-blocker-contract.ts
audit:criticaltsx scripts/audit/audit-graph-health.ts --strict --critical
audit:expandtsx scripts/audit/audit-jsonld-expand.ts
audit:graph-v2tsx scripts/audit/audit-ontology-v2.ts
audit:master-cycle-drifttsx scripts/audit/audit-master-cycle-drift.ts
audit:stricttsx scripts/audit/audit-graph-health.ts --strict
auto-improvetsx scripts/quality/auto-improve.ts
buildtsc && tsx scripts/build/copy-ontology-assets.ts && node -e "import('fs').then(fs=>fs.chmodSync('build/cli.js',0o755))"
check:allnpm run check:essence && npm run check:lightweight
check:doc-synctsx scripts/verify/check-doc-code-sync.ts
check:essencetsx scripts/verify/check-essence.ts
check:lightweighttsx scripts/verify/check-lightweight.ts
clinode build/cli.js
crawl-koshatsx scripts/sync/crawl-kosha-portal.ts
devtsx src/index.ts
evaluate-jsonldtsx scripts/verify/evaluate-jsonld.ts
export-rdftsx scripts/ontology/export-rdf.ts
form-conformancetsx scripts/verify/form-conformance.ts
mcp:a2ui:demonode build/cli.js call render_a2ui_form --inputJson '{"docId":"daily_tbm","format":"jsonl"}'
mcp:inspectnpx @modelcontextprotocol/inspector node build/cli.js serve
mcp:startnode build/cli.js serve
mcp:test:a2uitsx scripts/test/test-a2ui-workflow.ts
mcp:test:allnpm run build && npm run mcp:test:lifecycle && npm run mcp:test:a2ui && npm run mcp:test:scenarios && npm run mcp:test:fillrate:top && npm run mcp:test:graph
mcp:test:consistencytsx scripts/test/test-graph-consistency.ts
mcp:test:coveragetsx scripts/audit/coverage-report.ts
mcp:test:effecttsx scripts/test/test-graph-effect.ts
mcp:test:field-usertsx scripts/test/field-user-tester.ts
mcp:test:fillratetsx scripts/test/test-document-fillrate.ts
mcp:test:fillrate:toptsx scripts/test/test-document-fillrate.ts --top 20
…and 39 more.

Dependencies5

@modelcontextprotocol/sdk^1.29.0
commander^12.1.0
fast-xml-parser^5.8.0
graphology^0.26.0
zod^3.23.8