Package evidence

[email protected]

Install Lifecycle Remote Or Exec: install="node install.js"

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads: 172
Versions published: 176Mature · −50% score
First published: Feb 2019
Publisher: GitHub ActionsTrusted automation · −70% score

Effective trust discount applied: −70% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Review before promoting

Mixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.

Inspect tarball Add to CI gate

Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["[email protected]"],"fail_on":"review"}'

PublisherGitHub Actions

Artifact bytes352,391

Previous version1.7.1

Published2026-05-07T14:42:05.879Z

SHA-256d099cbc5d2d5411be29b91b448746f3ada8104a3442748e111bfebf628d46897

Why flagged

What the scanner saw

Install Lifecycle Remote Or Exec: install="node install.js"

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

review

16d agoLast checked

reviewRisk

10Score

1.8.1Version

Status history (1 event)

new → available16d ago · risk review · score 10 · status changed

Evidence

Static findings

2 static · 0 from release diff · showing high-signal first.

Severity	Kind	Path	Detail	Points
high	Install Lifecycle Remote Or Exec	package.json	install="node install.js"	30

Show all 2 findings (low-signal and informational)

Severity	Kind	Path	Detail	Points
high	Install Lifecycle Remote Or Exec	package.json	install="node install.js"	30
low	Install-time lifecycle script	package.json	install="node install.js"	5

Manifest

Package metadata

Scripts36

buildrun-s build-tsc build-web
build-tsctsc
build-webnode build-web.js
cleangit clean -dfx
formatprettier --write .
format-checkprettier --check .
installnode install.js
linteslint . --ext .ts,.tsx
nativebuildnode-gyp rebuild
prepublishyarn build
testyarn test:integration && yarn test:integration-remote-target && yarn test:integration-gdb-async-off && yarn test:integration-gdb-async-off-remote-target && yarn test:integration-gdb-non-stop && yarn test:integration-gdb-non-stop-remote-target && yarn test:integration-hw-breakpoint-on-remote-target
test-cirun-s --continue-on-error test-ci:integration test-ci:integration-remote-target test-ci:integration-gdb-async-off test-ci:integration-gdb-async-off-remote-target test-ci:integration-gdb-non-stop test-ci:integration-gdb-non-stop-remote-target test-ci:integration-hw-breakpoint-on-remote-target
test-ci:integrationcross-env JUNIT_REPORT_PATH=test-reports/integration.xml JUNIT_REPORT_STACK=1 JUNIT_REPORT_PACKAGES=1 ENV_TEST_VAR=VALUE1 mocha --exit --forbid-only --skip-make --reporter mocha-jenkins-reporter -r ts-node/register src/integration-tests/*.spec.ts
test-ci:integration-gdb-async-offcross-env JUNIT_REPORT_PATH=test-reports/integration-gdb-async-off.xml JUNIT_REPORT_STACK=1 JUNIT_REPORT_PACKAGES=1 ENV_TEST_VAR=VALUE1 mocha --exit --forbid-only --skip-make --reporter mocha-jenkins-reporter -r ts-node/register src/integration-tests/*.spec.ts --test-gdb-async-off
test-ci:integration-gdb-async-off-remote-targetcross-env JUNIT_REPORT_PATH=test-reports/integration-gdb-async-off-remote-target.xml JUNIT_REPORT_STACK=1 JUNIT_REPORT_PACKAGES=1 ENV_TEST_VAR=VALUE1 mocha --exit --forbid-only --skip-make --reporter mocha-jenkins-reporter -r ts-node/register src/integration-tests/*.spec.ts --test-gdb-async-off --test-remote
test-ci:integration-gdb-non-stopcross-env JUNIT_REPORT_PATH=test-reports/integration-gdb-non-stop.xml JUNIT_REPORT_STACK=1 JUNIT_REPORT_PACKAGES=1 ENV_TEST_VAR=VALUE1 mocha --exit --forbid-only --skip-make --reporter mocha-jenkins-reporter -r ts-node/register src/integration-tests/*.spec.ts --test-gdb-non-stop
test-ci:integration-gdb-non-stop-remote-targetcross-env JUNIT_REPORT_PATH=test-reports/integration-gdb-non-stop-remote-target.xml JUNIT_REPORT_STACK=1 JUNIT_REPORT_PACKAGES=1 ENV_TEST_VAR=VALUE1 mocha --exit --forbid-only --skip-make --reporter mocha-jenkins-reporter -r ts-node/register src/integration-tests/*.spec.ts --test-gdb-non-stop --test-remote
test-ci:integration-hw-breakpoint-on-remote-targetcross-env JUNIT_REPORT_PATH=test-reports/integration-hw-breakpoint-on-remote-target.xml JUNIT_REPORT_STACK=1 JUNIT_REPORT_PACKAGES=1 ENV_TEST_VAR=VALUE1 mocha --exit --forbid-only --skip-make --reporter mocha-jenkins-reporter -r ts-node/register src/integration-tests/*.spec.ts --test-hw-breakpoint-on --test-remote
test-ci:integration-remote-targetcross-env JUNIT_REPORT_PATH=test-reports/integration-remote-target.xml JUNIT_REPORT_STACK=1 JUNIT_REPORT_PACKAGES=1 ENV_TEST_VAR=VALUE1 mocha --exit --forbid-only --skip-make --test-remote --reporter mocha-jenkins-reporter -r ts-node/register src/integration-tests/*.spec.ts
test-ci:integration-remote-target-run-in-terminalcross-env JUNIT_REPORT_PATH=test-reports/integration-remote-target-run-in-terminal.xml JUNIT_REPORT_STACK=1 JUNIT_REPORT_PACKAGES=1 ENV_TEST_VAR=VALUE1 mocha --exit --forbid-only --skip-make --test-remote --run-in-terminal --reporter mocha-jenkins-reporter -r ts-node/register src/integration-tests/*.spec.ts
test-ci:integration-run-in-terminalcross-env JUNIT_REPORT_PATH=test-reports/integration-run-in-terminal.xml JUNIT_REPORT_STACK=1 ENV_TEST_VAR=VALUE1 JUNIT_REPORT_PACKAGES=1 mocha --exit --forbid-only --skip-make --run-in-terminal --reporter mocha-jenkins-reporter -r ts-node/register src/integration-tests/*.spec.ts
test-ci:ptycross-env JUNIT_REPORT_PATH=test-reports/native.xml JUNIT_REPORT_STACK=1 JUNIT_REPORT_PACKAGES=1 mocha --exit --forbid-only --skip-make --reporter mocha-jenkins-reporter dist/native/*.spec.js
test-run-in-terminalyarn test:pty && yarn test:integration-run-in-terminal && yarn test:integration-remote-target-run-in-terminal
test:integrationcross-env JUNIT_REPORT_PATH=test-reports/integration.xml JUNIT_REPORT_STACK=1 JUNIT_REPORT_PACKAGES=1 ENV_TEST_VAR=VALUE1 mocha --exit --reporter mocha-jenkins-reporter -r ts-node/register src/integration-tests/*.spec.ts
test:integration-gdb-async-offcross-env JUNIT_REPORT_PATH=test-reports/integration-gdb-async-off.xml JUNIT_REPORT_STACK=1 JUNIT_REPORT_PACKAGES=1 ENV_TEST_VAR=VALUE1 mocha --exit --reporter mocha-jenkins-reporter -r ts-node/register src/integration-tests/*.spec.ts --test-gdb-async-off
test:integration-gdb-async-off-remote-targetcross-env JUNIT_REPORT_PATH=test-reports/integration-gdb-async-off-remote-target.xml JUNIT_REPORT_STACK=1 JUNIT_REPORT_PACKAGES=1 ENV_TEST_VAR=VALUE1 mocha --exit --reporter mocha-jenkins-reporter -r ts-node/register src/integration-tests/*.spec.ts --test-gdb-async-off --test-remote
test:integration-gdb-non-stopcross-env JUNIT_REPORT_PATH=test-reports/integration-gdb-non-stop.xml JUNIT_REPORT_STACK=1 JUNIT_REPORT_PACKAGES=1 ENV_TEST_VAR=VALUE1 mocha --exit --reporter mocha-jenkins-reporter -r ts-node/register src/integration-tests/*.spec.ts --test-gdb-non-stop
test:integration-gdb-non-stop-remote-targetcross-env JUNIT_REPORT_PATH=test-reports/integration-gdb-non-stop-remote-target.xml JUNIT_REPORT_STACK=1 JUNIT_REPORT_PACKAGES=1 ENV_TEST_VAR=VALUE1 mocha --exit --reporter mocha-jenkins-reporter -r ts-node/register src/integration-tests/*.spec.ts --test-gdb-non-stop --test-remote
test:integration-hw-breakpoint-on-remote-targetcross-env JUNIT_REPORT_PATH=test-reports/integration-hw-breakpoint-on-remote-target.xml JUNIT_REPORT_STACK=1 JUNIT_REPORT_PACKAGES=1 ENV_TEST_VAR=VALUE1 mocha --exit --reporter mocha-jenkins-reporter -r ts-node/register src/integration-tests/*.spec.ts --test-hw-breakpoint-on --test-remote
test:integration-remote-targetcross-env JUNIT_REPORT_PATH=test-reports/integration-remote-target.xml JUNIT_REPORT_STACK=1 JUNIT_REPORT_PACKAGES=1 ENV_TEST_VAR=VALUE1 mocha --exit --test-remote --reporter mocha-jenkins-reporter -r ts-node/register src/integration-tests/*.spec.ts
…and 6 more.

Dependencies4

@vscode/debugadapter^1.68.0
@vscode/debugprotocol^1.68.0
node-addon-api^8.4.0
serialport^13.0.0