Package evidence
[email protected]
Remote Dependency Spec: dependencies.@janoside/app-utils="github:janoside/app-utils#ba4c23d3f"
Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Weekly downloads
- 2
- Versions published
- 4
- First published
- Mar 2025
- Publisher
- tech1k
Recommended action
Review before promotingMixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
Remote Dependency Spec: dependencies.@janoside/app-utils="github:janoside/app-utils#ba4c23d3f"
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk review · score 24 · status changed
Evidence
Static findings
3 static · 0 from release diff · showing high-signal first.
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| medium | Remote Dependency Spec | package.json | dependencies.@janoside/app-utils="github:janoside/app-utils#ba4c23d3f" | 12 |
| medium | Remote Dependency Spec | package.json | dependencies.electrum-client="github:janoside/electrum-client" | 12 |
Show all 3 findings (low-signal and informational)
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| medium | Remote Dependency Spec | package.json | dependencies.@janoside/app-utils="github:janoside/app-utils#ba4c23d3f" | 12 |
| medium | Remote Dependency Spec | package.json | dependencies.electrum-client="github:janoside/electrum-client" | 12 |
| low | Obfuscation Density | package/npm-shrinkwrap.json | high encoded/escaped-token density | 0 |
Manifest
Package metadata
Scripts13
cssnpm run css-light && npm run css-dark && npm run css-dark-v1 && npm run integritycss-darksass --style compressed ./public/scss/dark.scss ./public/style/dark.min.csscss-dark-debugsass --style expanded ./public/scss/dark.scss ./public/style/dark.csscss-dark-v1sass --style compressed ./public/scss/dark-v1.scss ./public/style/dark-v1.min.csscss-dark-v1-debugsass --style expanded ./public/scss/dark-v1.scss ./public/style/dark-v1.csscss-debugnpm run css-light-debug && npm run css-dark-debug && npm run css-dark-v1-debugcss-lightsass --style compressed ./public/scss/light.scss ./public/style/light.min.csscss-light-debugsass --style expanded ./public/scss/light.scss ./public/style/light.cssintegritynode ./bin/frontend-resource-integrity.jslinteslint app routesminersnode ./bin/refresh-mining-pool-configs.jsstartnode ./bin/wwwtestnode ./bin/test.js
Dependencies42
@janoside/app-utilsgithub:janoside/app-utils#ba4c23d3fasync^3.2.6axios^1.11.0basic-auth^2.0.1bech322.0.0bip32^4.0.0bitcoinjs-lib^6.1.7body-parser^2.2.0bootstrap^5.3.7bs58check^4.0.0chart.js^4.5.0compression^1.8.1cookie-parser^1.4.7crypto-js^4.2.0csurf^1.11.0debug^4.4.1decimal.js^10.6.0dotenv^13.0.1electrum-clientgithub:janoside/electrum-clientexpress^4.21.2express-async-handler^1.2.0express-rate-limit^8.0.1express-session^1.18.2jayson^4.2.0lru-cache^10.4.3markdown-it^14.1.0md5^2.3.0memorystore^1.6.7meow^9.0.0moment^2.30.1- …and 12 more.
Optional dependencies1
event-loop-stats^1.4.1