Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Versions published
- 108Established · −30% score
- First published
- Nov 2025
- Publisher
- simon_he
Effective trust discount applied: −30% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.
Recommended action
Looks clean — keep monitoringNo high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
No high-signal static finding in the saved report.
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk low · score 0 · status changed
Evidence
Static findings
No findings stored for this release.
Manifest
Package metadata
Scripts137
benchmark:1.0node scripts/benchmark-1-0.mjsbuildpnpm run build:core && vite build --mode npm && node scripts/cleanup-style-entry.mjs && node scripts/write-tailwind-types.mjs && vite build --config vite.config.tailwind.ts --mode npm && node scripts/copy-tailwind-css.mjs && node scripts/generate-px-css.mjs && pnpm run build:dtsbuild:analyzeANALYZE=true pnpm buildbuild:corepnpm run -C packages/markstream-core buildbuild:demovite buildbuild:dtsrollup -c ./scripts/rollup.dts.config.mjs && node ./scripts/clean-dts.cjs --strip-commentsbuild:dts:packrollup -c ./scripts/rollup.dts.config.mjs && node ./scripts/clean-dts.cjs --strip-commentsbuild:packpnpm run build:core && vite build --mode npm && node scripts/cleanup-style-entry.mjs && node scripts/write-tailwind-types.mjs && vite build --config vite.config.tailwind.ts --mode npm && node scripts/copy-tailwind-css.mjs && node scripts/generate-px-css.mjs && pnpm run build:dts:packbuild:parserpnpm run -C packages/markdown-parser buildbuild:viewvite previewchangelogconventional-changelog -p angular --tag-prefix markstream-vue@ -i CHANGELOG.md -s -r 1check:core-publishednode ./scripts/check-core-published.mjs --package-json package.json --core-package-json packages/markstream-core/package.jsoncheck:packed-workspace-depsnode ./scripts/check-packed-workspace-deps.mjs --package-json package.jsoncheck:peer-depsnode ./scripts/check-peer-deps.cjscheck:ssrvitest --run test/ssr-import.test.ts test/ssr-render-to-string.test.tscheck:workspace-deps-localnode ./scripts/check-workspace-deps-local.mjscheck:workspace-deps-publishednode ./scripts/check-workspace-deps-published.mjsdevpnpm run -C playground devdocs:buildvitepress build docsdocs:build:cipnpm run build:parser && pnpm run build && pnpm docs:builddocs:build:ghVITEPRESS_BASE=/markstream-vue/ pnpm docs:builddocs:build:gh:cipnpm run build:parser && pnpm run build && pnpm docs:build:ghdocs:build:netlifyVITEPRESS_BASE=/ pnpm docs:builddocs:check-zhnode scripts/check-zh-parity.mjsdocs:deployVITEPRESS_BASE=/markstream-vue/ pnpm docs:build && pnpm docs:servedocs:deploy:netlifypnpm docs:build && echo 'Docs built to docs/.vitepress/dist'docs:devvitepress dev docsdocs:servevitepress serve docsdocs:sync-zhnode scripts/sync-zh-docs.mjse2e:virtual-scrollnode scripts/e2e-virtual-scroll.mjs- …and 107 more.
Dependencies4
@chenglou/pretext^0.0.5@floating-ui/dom^1.7.6markstream-core1.0.0stream-markdown-parser1.0.2