Package evidence
[email protected]
Install Lifecycle Suppresses Failure: postinstall="node scripts/postinstall.cjs || true"
Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Versions published
- 6
- First published
- Mar 2026
- Publisher
- GitHub ActionsTrusted automation · −70% score
Effective trust discount applied: −70% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.
Recommended action
Review before promotingMixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
Install Lifecycle Suppresses Failure: postinstall="node scripts/postinstall.cjs || true"
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk review · score 7 · status changed
Evidence
Static findings
3 static · 0 from release diff · showing high-signal first.
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| high | Install Lifecycle Suppresses Failure | package.json | postinstall="node scripts/postinstall.cjs || true" | 20 |
Show all 3 findings (low-signal and informational)
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| high | Install Lifecycle Suppresses Failure | package.json | postinstall="node scripts/postinstall.cjs || true" | 20 |
| low | Install-time lifecycle script | package.json | postinstall="node scripts/postinstall.cjs || true" | 5 |
| low | Large Javascript Payload | package/dist/index.js | 6027518 bytes | 0 |
Manifest
Package metadata
Scripts20
buildrm -rf dist && bun run download-grammars && bun build src/index.ts --outdir dist --target bun --external @lancedb/lancedb --external better-sqlite3 && cp src/benchmark-v2/storage/schema.sql dist/ && chmod +x dist/index.jsbuild:binarybun run download-grammars && bun build src/index.ts --compile --external @opentui/core --external @opentui/react --outfile mnemexbuild:binary:linuxbun run download-grammars && bun build src/index.ts --compile --target=bun-linux-x64 --external @opentui/core --external @opentui/react --outfile mnemex-linux-x64build:binary:macbun run download-grammars && bun build src/index.ts --compile --target=bun-darwin-arm64 --external @opentui/core --external @opentui/react --outfile mnemex-darwin-arm64devbun run src/index.tsdev:mcpbun run src/index.ts --mcpdownload-grammarsbun run scripts/download-grammars.tseval:rg:inspectinspect eval eval/rg/inspect_eval.py@rg_plugineval:rg:promptfoocd eval/rg && npx promptfoo@latest eval --no-cacheeval:rg:reportpython3 eval/rg/report.pyformatbiome format --write .install-globalbun run build && npm linklinknpm linklintbiome check .postinstallnode scripts/postinstall.cjs || truetestbun testtest:integrationbun test test/integrationtest:watchbun test --watchtypechecktsc --noEmitunlinknpm unlink -g mnemex
Dependencies14
@inquirer/prompts^7.0.0@inquirer/search^3.0.0@lancedb/lancedb^0.13.0@lmstudio/sdk^1.5.0@modelcontextprotocol/sdk^1.22.0@opentui/core0.1.82@opentui/react0.1.82@vscode/ripgrep^1.17.1better-sqlite3^11.6.0dotenv^16.4.7minimatch^10.0.1postgres^3.4.8web-tree-sitter^0.25.10zod^3.24.1
Optional dependencies4
@opentui/core-darwin-arm640.1.82@opentui/core-darwin-x640.1.82@opentui/core-linux-arm640.1.82@opentui/core-linux-x640.1.82