PkgRadar

Package evidence

[email protected]

no findings

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads
20
Versions published
14
First published
Apr 2026
Publisher
nickxiao42

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["[email protected]"],"fail_on":"review"}'
Publishernickxiao42
Artifact bytes6,639,155
Previous version3.0.9
Published2026-06-14T09:54:33.394Z
SHA-256d091f9cf52990ac38b70eeb12c20fbed94560e2e545d2dc4baa8543ab41f0551

Why flagged

What the scanner saw

No high-signal static finding in the saved report.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low
Last checked
lowRisk
0Score
3.0.10Version
Status history (1 event)
  1. newavailable · risk low · score 0 · status changed

Evidence

Static findings

No findings stored for this release.

Manifest

Package metadata

Scripts29
  • buildrm -rf dist && tsc && pnpm build:lib && pnpm build:lib:cjs && pnpm build:browser && pnpm build:cli && pnpm build:shell && pnpm build:worker && pnpm build:clean && cp dist/index.d.ts dist/index.d.cts && sed '1,/^-->/d' AGENTS.npm.md > dist/AGENTS.md
  • build:browseresbuild dist/browser.js --bundle --platform=browser --format=esm --minify --outfile=dist/bundle/browser.js --external:diff --external:minimatch --external:sprintf-js --external:turndown --external:node:zlib --external:@mongodb-js/zstd --external:node-liblzma --external:seek-bzip --define:__BROWSER__=true --alias:node:dns=./src/shims/browser-unsupported.js
  • build:cleanfind dist -name '*.test.js' -delete && find dist -name '*.test.d.ts' -delete
  • build:climkdir -p dist/cli dist/bin && cp src/cli/default-init.sh dist/cli/default-init.sh && cp src/cli/default-init.sh dist/bin/default-init.sh && esbuild dist/cli/just-bash.js --bundle --splitting --platform=node --format=esm --minify --outdir=dist/bin --entry-names=[name] --chunk-names=chunks/[name]-[hash] --banner:js='#!/usr/bin/env node' --external:sql.js --external:quickjs-emscripten --external:@mongodb-js/zstd --external:node-liblzma --external:seek-bzip
  • build:libesbuild dist/index.js --bundle --splitting --platform=node --format=esm --minify --outdir=dist/bundle --chunk-names=chunks/[name]-[hash] --external:diff --external:minimatch --external:sprintf-js --external:turndown --external:sql.js --external:quickjs-emscripten --external:@mongodb-js/zstd --external:node-liblzma --external:seek-bzip
  • build:lib:cjsesbuild dist/index.js --bundle --platform=node --format=cjs --minify --outfile=dist/bundle/index.cjs --external:diff --external:minimatch --external:sprintf-js --external:turndown --external:sql.js --external:quickjs-emscripten --external:@mongodb-js/zstd --external:node-liblzma --external:seek-bzip
  • build:shellesbuild dist/cli/shell.js --bundle --splitting --platform=node --format=esm --minify --outdir=dist/bin/shell --entry-names=[name] --chunk-names=chunks/[name]-[hash] --banner:js='#!/usr/bin/env node' --external:sql.js --external:quickjs-emscripten --external:@mongodb-js/zstd --external:node-liblzma --external:seek-bzip
  • build:workeresbuild src/commands/python3/worker.ts --bundle --platform=node --format=esm --outfile=src/commands/python3/worker.js --external:../../../vendor/cpython-emscripten/* && cp src/commands/python3/worker.js dist/commands/python3/worker.js && mkdir -p dist/bin/chunks && cp src/commands/python3/worker.js dist/bin/chunks/worker.js && mkdir -p dist/bundle/chunks && cp src/commands/python3/worker.js dist/bundle/chunks/worker.js && esbuild src/commands/js-exec/js-exec-worker.ts --bundle --platform=node --format=esm --outfile=src/commands/js-exec/js-exec-worker.js --external:quickjs-emscripten && cp src/commands/js-exec/js-exec-worker.js dist/commands/js-exec/js-exec-worker.js && cp src/commands/js-exec/js-exec-worker.js dist/bin/chunks/js-exec-worker.js && cp src/commands/js-exec/js-exec-worker.js dist/bundle/chunks/js-exec-worker.js && esbuild src/commands/sqlite3/worker.ts --bundle --platform=node --format=esm --outfile=src/commands/sqlite3/worker.js --external:sql.js && mkdir -p dist/commands/sqlite3 && cp src/commands/sqlite3/worker.js dist/commands/sqlite3/worker.js && cp src/commands/sqlite3/worker.js dist/bin/chunks/sqlite3-worker.js && cp src/commands/sqlite3/worker.js dist/bundle/chunks/sqlite3-worker.js
  • check:worker-syncnode scripts/check-worker-sync.js
  • dev:execnpx tsx src/cli/exec.ts
  • knipknip
  • lintpnpm lint:banned
  • lint:bannednode scripts/check-banned-patterns.js
  • lint:fixpnpm --workspace-root lint:fix
  • prepublishOnlypnpm test:dist
  • shellnpx tsx src/cli/shell.ts
  • testvitest
  • test:comparisonvitest run --config vitest.comparison.config.ts
  • test:comparison:recordRECORD_FIXTURES=1 vitest run --config vitest.comparison.config.ts
  • test:coveragevitest run --coverage
  • test:coverage:unitvitest run --config vitest.unit.config.ts --coverage
  • test:distvitest run src/cli/just-bash.bundle.test.ts
  • test:fuzzvitest run src/security/fuzzing/
  • test:fuzz:longFUZZ_RUNS=10000 vitest run src/security/fuzzing/
  • test:runvitest run --exclude src/security/fuzzing/ --exclude src/commands/python3/ --exclude src/commands/sqlite3/ --exclude src/commands/js-exec/ --exclude src/agent-examples/python-scripting.test.ts
  • test:unitvitest run --config vitest.unit.config.ts
  • test:wasmvitest run --config vitest.wasm.config.ts
  • typechecktsc --noEmit
  • validatepnpm lint && pnpm knip && pnpm typecheck && pnpm build && pnpm check:worker-sync && pnpm test:run && pnpm test:wasm && pnpm test:dist
Dependencies15
  • diff^8.0.2
  • fast-xml-parser^5.7.3
  • file-type^21.2.0
  • ini^6.0.0
  • minimatch^10.1.1
  • modern-tar^0.7.3
  • papaparse^5.5.3
  • quickjs-emscripten^0.32.0
  • re2js^1.2.1
  • seek-bzip^2.0.0
  • smol-toml^1.6.0
  • sprintf-js^1.1.3
  • sql.js^1.13.0
  • turndown^7.2.2
  • yaml^2.8.2
Optional dependencies2
  • @mongodb-js/zstd^7.0.0
  • node-liblzma^2.0.3