PkgRadar

Package evidence

[email protected]

no findings

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Versions published
34
First published
Dec 2025
Publisher
kikobeats

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["[email protected]"],"fail_on":"review"}'
Publisherkikobeats
Artifact bytes36,364
Previous version2.0.8
Published2026-06-04T08:52:04.250Z
SHA-2564b3ec3e83700bbd0dbda335977c2a9662f0bf3031a3dc0ca2fdf49b034d021c1

Why flagged

What the scanner saw

No high-signal static finding in the saved report.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low
Last checked
lowRisk
0Score
2.0.9Version
Status history (2 events)
  1. newavailable · risk low · score 0 · status changed
  2. newavailable · risk low · score 0 · status changed

Evidence

Static findings

No findings stored for this release.

Manifest

Package metadata

Scripts19
  • benchnode bench/detect.js
  • bench:comparenode bench/detect.js HEAD HEAD~1
  • buildgulp build
  • cleanrm -rf node_modules
  • contributors(npx git-authors-cli && npx finepack && git add package.json && git commit -m 'build: contributors' --no-verify) || true
  • coveragec8 report --reporter=text-lcov > coverage/lcov.info
  • devconcurrently "gulp" "npm run dev:server"
  • dev:serverbrowser-sync start --server docs --files "docs/index.html, docs/README.md, docs/static/**/*.(css|js)"
  • lintstandard
  • postreleasenpm run release:tags && npm run release:github && (ci-publish || npm publish --access=public)
  • pretestnpm run lint
  • releasepnpm run release:version && pnpm run release:changelog && pnpm run release:commit && pnpm run release:tag
  • release:changelogconventional-changelog -p conventionalcommits -i CHANGELOG.md -s
  • release:commitgit add package.json CHANGELOG.md && git commit -m "chore(release): $(node -p "require('./package.json').version")"
  • release:githubgithub-generate-release
  • release:taggit tag -a v$(node -p "require('./package.json').version") -m "v$(node -p "require('./package.json').version")"
  • release:tagsgit push origin HEAD:master --follow-tags
  • release:versionstandard-version --skip.changelog --skip.commit --skip.tag
  • testc8 ava
Dependencies3
  • @metascraper/helpers~5.50.0
  • cookie-es~3.1.1
  • debug-logfmt~1.4.7