Package evidence

[email protected]

no findings

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Versions published: 765Mature · −50% score
First published: Mar 2016
Publisher: gribnoysup

Effective trust discount applied: −50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarball Add to CI gate

Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["[email protected]"],"fail_on":"review"}'

Publishergribnoysup

Artifact bytes83,262

Previous version22.39.4

Published2026-06-17T12:21:39.302Z

SHA-2568f39ab8c79be0da421867c97d859762182c40e57625ca2873f545b04c96e24ed

Why flagged

What the scanner saw

No high-signal static finding in the saved report.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low

3d agoLast checked

lowRisk

0Score

22.40.0Version

Status history (1 event)

new → available3d ago · risk low · score 0 · status changed

Evidence

Static findings

No findings stored for this release.

Manifest

Package metadata

Scripts19

bootstrapnpm run compile
checknpm run typecheck && npm run lint && npm run depcheck
check-cinpm run check
cleannode -e "fs.rmSync('dist', { recursive: true, force: true })" || true
compiletsc -p tsconfig-build.json
depcheckcompass-scripts check-peer-deps && depcheck
eslinteslint-compass
lintnpm run eslint . && npm run prettier -- --check .
precompilenpm run clean
prepublishOnlynpm run compile && compass-scripts check-exports-exist
prettierprettier-compass
reformatnpm run eslint . -- --fix && npm run prettier -- --write .
testmocha
test-cinpm run test-cov -- -- --include "./**/*.{spec,test}.*" --exclude "./src/connect.spec.ts" --exclude "./src/csfle-collection-tracker.spec.ts"
test-connectivitymocha ./src/connect.spec.ts
test-covnyc --compact=false --produce-source-map=false -x "**/*.spec.*" --reporter=lcov --reporter=text --reporter=html npm run test
test-csflemocha ./src/csfle-collection-tracker.spec.ts ./src/data-service.spec.ts
test-watchnpm run test -- --watch
typechecktsc -p tsconfig.json --noEmit

Dependencies11

@mongodb-js/compass-utils^0.10.0
@mongodb-js/devtools-connect^3.17.0
@mongodb-js/devtools-proxy-support^0.7.15
bson^7.2.0
debug^4.3.4
lodash^4.18.1
mongodb^7.1.1
mongodb-build-info^1.8.1
mongodb-connection-string-url^7.0.1
mongodb-log-writer^2.4.4
mongodb-ns^3.2.0

Optional dependencies1

mongodb-client-encryption^7.0.0