PkgRadar

Package evidence

[email protected]

no findings

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads
166
Versions published
8
First published
Apr 2026
Publisher
camcima

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["[email protected]"],"fail_on":"review"}'
Publishercamcima
Artifact bytes260,621
Previous version0.4.0
Published2026-05-30T21:53:14.246Z
SHA-256e588df413abecc72f882ce7e65de04f02a9a14dd81922e4ac0d5dc085c9ee67f

Why flagged

What the scanner saw

No high-signal static finding in the saved report.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low
Last checked
lowRisk
0Score
0.4.1Version
Status history (1 event)
  1. newavailable · risk low · score 0 · status changed

Evidence

Static findings

No findings stored for this release.

Manifest

Package metadata

Scripts17
  • buildtsup
  • devtsx src/cli.ts start --config ./examples/config.json
  • formatprettier --write '**/*.{ts,js,json,md,yml,yaml}' '!**/dist/**' '!**/node_modules/**' '!**/coverage/**' '!**/package-lock.json'
  • format:checkprettier --check '**/*.{ts,js,json,md,yml,yaml}' '!**/dist/**' '!**/node_modules/**' '!**/coverage/**' '!**/package-lock.json'
  • linteslint 'src/**/*.ts' 'tests/**/*.ts'
  • lint:fixeslint 'src/**/*.ts' 'tests/**/*.ts' --fix
  • preparelefthook install
  • releaserelease-it
  • release:allnpm run release && npm run release:docker
  • release:alpharelease-it prerelease --preRelease=alpha
  • release:dockergh workflow run release-docker.yml -f tag=v$(node -p "require('./package.json').version")
  • release:dryrelease-it --dry-run
  • testvitest run
  • test:civitest run --coverage --reporter=default --reporter=junit --outputFile.junit=test-report.junit.xml
  • test:coveragevitest run --coverage
  • test:watchvitest
  • typechecktsc --noEmit
Dependencies8
  • @fastify/cors^11.2.0
  • @fastify/formbody^8.0.1
  • @httptoolkit/httpolyglot^3.0.1
  • chokidar^4.0.3
  • fastify^5.2.0
  • jose^5.9.6
  • pino^9.5.0
  • zod^4.0.0