Package evidence

[email protected]

Remote Dependency Spec: devDependencies.@effect/docgen="https://pkg.pr.new/Effect-TS/docgen/@effect/docgen@e57e5f5"

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads: 299
Versions published: 13Established · −30% score
First published: Oct 2025
Publisher: leonitousconforti

Effective trust discount applied: −30% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Review before promoting

Mixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.

Inspect tarball Add to CI gate

Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["[email protected]"],"fail_on":"review"}'

Publisherleonitousconforti

Artifact bytes39,297

Previous version0.0.11

Published2026-05-28T21:11:46.321Z

SHA-2562f74a03c74809faf0509e90b3627186e20f7f706fcbfb0b29b2117d83a7190e0

Why flagged

What the scanner saw

Remote Dependency Spec: devDependencies.@effect/docgen="https://pkg.pr.new/Effect-TS/docgen/@effect/docgen@e57e5f5"

1 remote tarball(s) were followed statically.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

review

3d agoLast checked

reviewRisk

16Score

0.0.12Version

Status history (2 events)

available → available3d ago · risk review · score 16 · status available -> available, risk high -> review, score 43 -> 16
new → available8d ago · risk high · score 43 · status changed

Evidence

Static findings

1 static · 1 from release diff · showing high-signal first.

Severity	Kind	Path	Detail	Points
medium	Remote Dependency Spec	package.json	devDependencies.@effect/docgen="https://pkg.pr.new/Effect-TS/docgen/@effect/docgen@e57e5f5"	8
medium	Dependency Changed To Remote Vs Previous	package.json	devDependencies.@effect/docgen changed to remote spec in 0.0.12 vs 0.0.11: "https://pkg.pr.new/Effect-TS/docgen/@effect/docgen@e57e5f5"	8

Remote payloads

Followed remote artifacts

Source	URL	Risk	Score	Summary
devDependencies.@effect/docgen	https://pkg.pr.new/Effect-TS/docgen/@effect/docgen@e57e5f5	low	0	large_javascript_payload: 14181791 bytes

Manifest

Package metadata

Scripts8

babelbabel dist --plugins annotate-pure-calls --out-dir dist --source-maps
buildtsc -b tsconfig.json && pnpm babel
checktsc -b tsconfig.json
circularmadge --circular src/*.ts
cleanrimraf *.tsbuildinfo docs dist coverage
codegenbuild-utils prepare-v4
lintoxlint && oxfmt --check
lint-fixoxlint --fix && oxfmt --write