Package evidence

[email protected]

no findings

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Versions published: 58Mature · −50% score
First published: Apr 2024
Publisher: bhsd

Effective trust discount applied: −50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarball Add to CI gate

Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["[email protected]"],"fail_on":"review"}'

Publisherbhsd

Artifact bytes1,005,286

Previous version2.0.1

Published2026-06-01T13:34:38.377Z

SHA-2566889966b49be684b1d50e0c8a9cfae69da1dcdf4d845246a670f5af331487d0c

Why flagged

What the scanner saw

No high-signal static finding in the saved report.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low

7d agoLast checked

lowRisk

0Score

2.1.0Version

Status history (1 event)

new → available7d ago · risk low · score 0 · status changed

Evidence

Static findings

No findings stored for this release.

Manifest

Package metadata

Scripts15

buildrm -rf dist/; npm run build:core && node build.js && gsed -i '/^\/\/ /d' dist/main.js && eslint --no-config-lookup -c eslint.dist.mjs dist/*.min.js
build:coretsc && rm dist/all.d.ts
build:gh-pagetsc --project gh-page/tsconfig.json
build:testrm -rf test/dist/; tsc --project test/tsconfig.json && npm test
lintnpm run lint:ts && npm run lint:css && npm run lint:md
lint:cssstylelint --cache gh-page/*.css
lint:mdmarkdownlint-cli2 '**/*.md'
lint:tstsc --noEmit && tsc --project gh-page/tsconfig.json --noEmit && tsc --project test/tsconfig.json --noEmit && tsc --project bundle/tsconfig.json && eslint --cache .
lsnpm i --package-lock-only && npm ls --package-lock-only --all --omit=dev
prepublishOnlynpm run build
servernpm run test:end; http-server .. -c-1 --cors -s &
testmocha
test:endpkill -x http-server
test:realnode test/dist/test/real.js
test:regexnode test/dist/test/optimizer.js

Dependencies3

@bhsd/browser^0.4.0
@bhsd/cm-util^2.1.0
@bhsd/codemirror-mediawiki^3.19.0