Package evidence

[email protected]

no findings

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads: 149
Versions published: 1
First published: May 2026
Publisher: benjamin.persky

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarball Add to CI gate

Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["[email protected]"],"fail_on":"review"}'

Publisherbenjamin.persky

Artifact bytes800,040

Previous versionnone

Published2026-05-24T15:36:34.671Z

SHA-256db402ff57cf6c74e60e281167428730b31fc0e567cca9307160a4f786148c738

Why flagged

What the scanner saw

No high-signal static finding in the saved report.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low

16d agoLast checked

lowRisk

0Score

0.1.0Version

Status history (4 events)

available → available16d ago · risk low · score 0 · status available -> available, risk high -> low, score 157 -> 0
available → available21d ago · risk high · score 157 · status available -> available, risk high -> high, score 259 -> 157
available → available21d ago · risk high · score 259 · status available -> available, risk high -> high, score 720 -> 259
new → available22d ago · risk high · score 720 · status changed

Evidence

Static findings

No findings stored for this release.

Manifest

Package metadata

Scripts64

avorelo:activatenode bin/avorelo activate
avorelo:doctornode bin/avorelo doctor
avorelo:summarynode bin/avorelo summary
bootstrap:brandingnode app-scripts/bootstrap-branding.mjs
brand:checknode scripts/check-brand-leaks.js
brand:fixnode scripts/fix-brand-leaks.js --write
brand:fix:dry-runnode scripts/fix-brand-leaks.js
buildnpm run public-web:build
build:install-artifactsnode app-scripts/build-install-artifacts.mjs
cco:initnode scripts/cco-init.js
cco:install-helpernode scripts/cco-install-helper.js
cco:reuse-cuesnode scripts/cco-reuse-cues.js
cco:valuenode scripts/cco-value.js
db:migratewasp db migrate-dev
db:seedwasp db seed
db:startwasp start db
deploy:railwaywasp deploy railway deploy wuz-beta
deploy:railway:setupwasp deploy railway setup wuz-beta
devwasp start
health:reponode app-scripts/repo-health-check.mjs
public-web:buildnpm --prefix apps/public-web run build
public-web:checknpm --prefix apps/public-web run check
public-web:devnpm --prefix apps/public-web run dev
public-web:previewnpm --prefix apps/public-web run preview
start:founder-localpowershell -ExecutionPolicy Bypass -File app-scripts/start-wuz-local.ps1
testnode --test tests/*.test.js
test:brandnode scripts/check-brand-leaks.js
test:critical-pathnpm --prefix e2e-tests test
test:e2enpm --prefix e2e-tests test
test:output-profilesvitest run src/output_profiles/output-profiles.test.ts
…and 34 more.