Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Versions published
- 2
- First published
- May 2026
- Publisher
- ferlatorre78
Recommended action
Review before promotingMixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
Remote Payload: matched "curl "
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk review · score 53 · status changed
Evidence
Static findings
5 static · 0 from release diff · showing high-signal first.
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| medium | Remote Payload | package/scripts/bootstrap-single-tenant.sh | matched "curl " | 12 |
| medium | Remote Payload | package/scripts/portal-web-go-no-go.sh | matched "curl\n\n" | 12 |
| medium | Remote Payload | package/fabric-multicloud/k8s/osnadmin-join-job.yaml | matched "curl " | 12 |
| medium | Remote Payload | package/fabric-multicloud/k8s/osnadmin-list-job.yaml | matched "curl " | 12 |
Show all 5 findings (low-signal and informational)
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| medium | Remote Payload | package/scripts/bootstrap-single-tenant.sh | matched "curl " | 12 |
| medium | Remote Payload | package/scripts/portal-web-go-no-go.sh | matched "curl\n\n" | 12 |
| medium | Remote Payload | package/fabric-multicloud/k8s/osnadmin-join-job.yaml | matched "curl " | 12 |
| medium | Remote Payload | package/fabric-multicloud/k8s/osnadmin-list-job.yaml | matched "curl " | 12 |
| low | Credential file access | package/docker_build_local.sh | matched "NPM_TOKEN" | 5 |
Manifest
Package metadata
Scripts40
api:closebash ./scripts/stop-local-api.shapi:local-demonpm run build:swagger && npx dotenv -e .env.local-demo -e .env.local -- nodemon --legacy-watch --watch 'src/**/*.ts' --watch 'swagger.config.cjs' --exec 'TS_NODE_TRANSPILE_ONLY=1 TS_NODE_SKIP_IGNORE=1 TS_NODE_COMPILER_OPTIONS={\"module\":\"NodeNext\",\"moduleResolution\":\"NodeNext\",\"allowImportingTsExtensions\":true} node --loader ts-node/esm --experimental-specifier-resolution=node src/main.ts'api:local-postgresnpm run build:swagger && npx dotenv -e .env.local.postgres -e .env.local -- nodemon --legacy-watch --watch 'src/**/*.ts' --watch 'swagger.config.cjs' --exec 'TS_NODE_TRANSPILE_ONLY=1 TS_NODE_SKIP_IGNORE=1 TS_NODE_COMPILER_OPTIONS={\"module\":\"NodeNext\",\"moduleResolution\":\"NodeNext\",\"allowImportingTsExtensions\":true} node --loader ts-node/esm --experimental-specifier-resolution=node src/main.ts'buildnpm run clean && npm run build:swagger && tsc && node scripts/patch-esm-imports.mjsbuild:openapi-profilesnode scripts/generate-openapi-profiles.mjsbuild:swaggerTS_NODE_TRANSPILE_ONLY=1 TS_NODE_SKIP_IGNORE=1 TS_NODE_COMPILER_OPTIONS='{"module":"NodeNext","moduleResolution":"NodeNext","allowImportingTsExtensions":true}' node --loader ts-node/esm --experimental-specifier-resolution=node scripts/generate-swagger-spec.mts && node scripts/generate-openapi-profiles.mjs && node --loader ts-node/esm --experimental-specifier-resolution=node scripts/generate-core-flow-examples.mjscheck:portal-web-go-no-gobash ./scripts/portal-web-go-no-go.shcleanrm -rf builddb:local-postgres:downdocker compose -f docker-compose.postgres.yml down -vdb:local-postgres:logsdocker compose -f docker-compose.postgres.yml logs -f postgresdb:local-postgres:resetnpm run db:local-postgres:down && npm run db:local-postgres:updb:local-postgres:updocker compose -f docker-compose.postgres.yml up -ddemo:bootstrap-single-tenantif [ -f .env.local-demo ]; then npx dotenv -e .env.local-demo -- ./scripts/bootstrap-single-tenant.sh; elif [ -f .env.local ]; then npx dotenv -e .env.local -- ./scripts/bootstrap-single-tenant.sh; elif [ -f .env.local.txt ]; then npx dotenv -e .env.local.txt -- ./scripts/bootstrap-single-tenant.sh; else echo 'ERROR: missing .env.local-demo/.env.local/.env.local.txt'; exit 1; fidemo:bootstrap-single-tenant:loggedbash ./scripts/run-with-log.sh bootstrap-single-tenant npm run demo:bootstrap-single-tenantdevnpm run build:swagger && nodemon --legacy-watch --watch 'src/**/*.ts' --watch 'swagger.config.cjs' --exec 'TS_NODE_TRANSPILE_ONLY=1 TS_NODE_SKIP_IGNORE=1 TS_NODE_COMPILER_OPTIONS={\"module\":\"NodeNext\",\"moduleResolution\":\"NodeNext\",\"allowImportingTsExtensions\":true} DOTENV_CONFIG_PATH=.env.local node --import dotenv/config --loader ts-node/esm --experimental-specifier-resolution=node src/main.ts'dev:loggedbash ./scripts/run-with-log.sh dev npm run devdocker:build./docker_build.shdocker:run./docker_run.shdocs:flow-reportTS_NODE_TRANSPILE_ONLY=1 TS_NODE_SKIP_IGNORE=1 TS_NODE_COMPILER_OPTIONS='{"module":"NodeNext","moduleResolution":"NodeNext","allowImportingTsExtensions":true}' node --loader ts-node/esm --experimental-specifier-resolution=node scripts/run-api-integrators-guide-flow.mtsformatprettier --write 'src/**/*.{ts,js}'linteslint 'src/**/*.{ts,js}' --fixlint:checkeslint 'src/**/*.{ts,js}'pki:generateTS_NODE_TRANSPILE_ONLY=1 TS_NODE_SKIP_IGNORE=1 TS_NODE_COMPILER_OPTIONS='{"module":"NodeNext","moduleResolution":"NodeNext","allowImportingTsExtensions":true}' node --loader ts-node/esm --experimental-specifier-resolution=node scripts/generate-pki-chain.tspki:hostTS_NODE_TRANSPILE_ONLY=1 TS_NODE_SKIP_IGNORE=1 TS_NODE_COMPILER_OPTIONS='{"module":"NodeNext","moduleResolution":"NodeNext","allowImportingTsExtensions":true}' node --loader ts-node/esm --experimental-specifier-resolution=node scripts/generate-host.tspki:icaTS_NODE_TRANSPILE_ONLY=1 TS_NODE_SKIP_IGNORE=1 TS_NODE_COMPILER_OPTIONS='{"module":"NodeNext","moduleResolution":"NodeNext","allowImportingTsExtensions":true}' node --loader ts-node/esm --experimental-specifier-resolution=node scripts/generate-ica.tspki:memberTS_NODE_TRANSPILE_ONLY=1 TS_NODE_SKIP_IGNORE=1 TS_NODE_COMPILER_OPTIONS='{"module":"NodeNext","moduleResolution":"NodeNext","allowImportingTsExtensions":true}' node --loader ts-node/esm --experimental-specifier-resolution=node scripts/generate-member.tspki:rootTS_NODE_TRANSPILE_ONLY=1 TS_NODE_SKIP_IGNORE=1 TS_NODE_COMPILER_OPTIONS='{"module":"NodeNext","moduleResolution":"NodeNext","allowImportingTsExtensions":true}' node --loader ts-node/esm --experimental-specifier-resolution=node scripts/generate-root-ca.tsprettierprettier --write "src/**/*.ts"prettier:checkprettier --check "src/**/*.ts"run:with-logbash ./scripts/run-with-log.sh- …and 10 more.
Dependencies39
@ahryman40k/ts-fhir-types^4.0.39@firebase/rules-unit-testing^5.0.0@google-cloud/storage^7.17.3@hyperledger/fabric-gateway^1.9.0@hyperledger/fabric-protos^0.3.7@noble/ciphers^2.0.0@noble/post-quantum^0.5.1@peculiar/webcrypto^1.5.0@stablelib/base64^2.0.1@stablelib/utf8^2.0.1@types/argon2^0.14.1@types/base-x^3.0.0@types/cors^2.8.19argon2^0.44.0asn1js^3.0.6base-x^5.0.1canonicalize^2.1.0cors^2.8.5env-var^7.5.0express^4.18.2firebase-admin^13.5.0gdc-common-utils-ts^1.4.20google-auth-library^9.0.0jose^4.15.9js-base64^3.7.8mongodb^5.6.0multiformats^13.4.1node-forge^1.3.3pako^2.1.0pdf-lib^1.17.1- …and 9 more.