Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Weekly downloads
- 481
- Versions published
- 227Established · −30% score
- First published
- Jul 2025
- Publisher
- farajabien
Effective trust discount applied: −30% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.
Recommended action
Looks clean — keep monitoringNo high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
No high-signal static finding in the saved report.
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk low · score 0 · status changed
Evidence
Static findings
No findings stored for this release.
Manifest
Package metadata
Scripts16
buildnpm run build:clean && npm run build:compile && npm run build:alias && npm run build:copybuild:alias([ "$npm_config_loglevel" = "silent" ] || echo '🔗 Resolving path aliases...') && tsc-aliasbuild:cleanrm -rf dist && ([ "$npm_config_loglevel" = "silent" ] || echo '🧹 Cleaned build directory')build:compile([ "$npm_config_loglevel" = "silent" ] || echo '🔨 Compiling TypeScript...') && tsc --noEmitOnError falsebuild:copy([ "$npm_config_loglevel" = "silent" ] || echo '📋 Copying config files...') && cp -r src/config dist/ && cp -r src/templates dist/ && cp package.json dist/apps/cli/ && chmod +x dist/apps/cli/src/cli.js && ([ "$npm_config_loglevel" = "silent" ] || echo '✅ Build complete')devts-node src/cli.tslinteslint "src/**/*.ts" --quietlint:fixeslint "src/**/*.ts" --fix --quietprepublishOnlyecho 'Skipping tests and lint for now' && npm run buildstartnode dist/cli.jstestjest --passWithNoTeststest:coveragejest --coverage --passWithNoTeststest:integrationjest --testPathPattern=integration --passWithNoTeststest:unitjest --testPathPattern='unit|core/' --passWithNoTeststest:watchjest --watch --passWithNoTestswatchtsc --watch --pretty
Dependencies37
@anthropic-ai/claude-agent-sdk^0.1.1@anthropic-ai/sdk^0.102.0@google-cloud/vertexai^1.10.0@google/generative-ai^0.24.1@huggingface/inference^4.11.1@modelcontextprotocol/sdk^1.26.0@mycontext/tui-chatworkspace:*@myycontext/coreworkspace:*@playwright/test^1.58.2@types/figlet^1.7.0@types/handlebars^4.1.0axios^1.6.0chalk^5.6.2clipboardy^5.3.1commander^11.1.0diff^8.0.2dotenv^17.2.3dotenv-expand^12.0.3figlet^1.9.3fs-extra^11.3.2fuse.js^7.1.0glob^10.3.10gradient-string^3.0.0handlebars^4.7.8inquirer^9.2.12js-yaml^4.1.1mdast-util-to-markdown^2.1.2node-fetch^2.7.0openai^6.2.0ora^7.0.1- …and 7 more.