Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Versions published
- 190Mature · −50% score
- First published
- Mar 2020
- Publisher
- tywalch
Effective trust discount applied: −50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.
Recommended action
Looks clean — keep monitoringNo high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
No high-signal static finding in the saved report.
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk low · score 0 · status changed
Evidence
Static findings
No findings stored for this release.
Manifest
Package metadata
Scripts32
buildsh buildbrowser.shbuild:browserbrowserify playground/browser.js -o playground/bundle.jscoveragenpm run test:init:hard && nyc npm run test:unit && nyc report --reporter=text-lcov | coverallscoverage:local:coverallsnpm run test:init:hard && nyc npm run test:unit && nyc report --reporter=text-lcov | coverallscoverage:local:htmlnpm run test:init:hard && nyc npm run test:unit && nyc report --reporter=htmlddb:loaddocker compose exec electro npm run test:init:hardddb:startdocker compose up -d dynamodbddb:stopdocker compose stopexamples:load:librarynpm run ddb:start && npm run local:init && ts-node ./examples/library/load.tsexamples:load:taskmanagernpm run ddb:start && npm run local:init && ts-node ./examples/taskManager/load.tsexamples:load:versioncontrolnpm run ddb:start && npm run local:init && ts-node ./examples/versionControl/load.tsexamples:locksnpm run ddb:start && npm run local:init && ts-node ./examples/locksexamples:provisiontablenpm run ddb:start && npm run local:init && ts-node ./examples/provisionTableexamples:query:librarynpm run ddb:start && npm run local:init && ts-node ./examples/library/query.tsexamples:query:taskmanagernpm run ddb:start && npm run local:init && ts-node ./examples/taskManager/query.tsexamples:query:versioncontrolnpm run ddb:start && npm run local:init && ts-node ./examples/versionControl/query.tsformatprettier -w src/**/*.js examples/**/* --log-level=errorlocal:debugnpm run local:start && npm run local:execlocal:execLOCAL_DYNAMO_ENDPOINT='http://localhost:8000' ts-node ./test/debug.tslocal:freshnpm run ddb:start && npm run local:init:hardlocal:initLOCAL_DYNAMO_ENDPOINT='http://localhost:8000' npm run test:initlocal:init:hardLOCAL_DYNAMO_ENDPOINT='http://localhost:8000' npm run test:init:hardlocal:startnpm run ddb:start && npm run local:initlocal:stopnpm run ddb:stoptest./test.shtest:cinpm install && npm testtest:formatprettier -c src/**/*.js examples/**/*test:initnode ./test/init.jstest:init:hardnode ./test/init.js --recreatetest:runnpm run test:types && npm run test:init && npm run test:unit- …and 2 more.
Dependencies3
@aws-sdk/lib-dynamodb^3.654.0@aws-sdk/util-dynamodb^3.654.0jsonschema1.5.0