Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Weekly downloads
- 85,804Mainstream · −50% score
- Versions published
- 997Mature · −50% score
- First published
- Apr 2019
- Publisher
- GitHub ActionsTrusted automation · −70% score
Effective trust discount applied: −70% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.
Recommended action
Review before promotingMixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
Credential file access: matched ".aws"
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk review · score 7 · status changed
Evidence
Static findings
5 static · 0 from release diff · showing high-signal first.
No high-signal findings — see all findings below.
Show all 5 findings (low-signal and informational)
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| low | Credential file access | package/dist/modules/external-secrets.ee/providers/aws-secrets-manager.js | matched ".aws" | 5 |
| low | Credential file access | package/dist/modules/external-secrets.ee/providers/azure-key-vault/azure-key-vault.js | matched ".azure" | 5 |
| low | Credential file access | package/dist/security-audit/constants.js | matched ".ssh" | 5 |
| low | Credential file access | package/dist/modules/source-control.ee/source-control-preferences.service.ee.js | matched ".ssh" | 5 |
| low | Credential file access | package/dist/modules/instance-ai/eval/workflow-analysis.js | matched ".ssh" | 5 |
Manifest
Package metadata
Scripts32
buildtsc -p tsconfig.build.json && tsc-alias -p tsconfig.build.json && pnpm run build:databuild:datanode scripts/build.mjsbuildAndDevpnpm run build && pnpm run devcleanrimraf dist .turbodevconcurrently -k -n "TypeScript,Node" -c "yellow.bold,cyan.bold" "npm run watch" "nodemon --delay 1"dev:webhookconcurrently -k -n "TypeScript,Node" -c "yellow.bold,cyan.bold" "npm run watch" "nodemon webhook"dev:workerconcurrently -k -n "TypeScript,Node" -c "yellow.bold,cyan.bold" "npm run watch" "nodemon worker"formatbiome format --write .format:checkbiome ci .linteslint . --quietlint:fixeslint . --fixstartnode ../../scripts/os-normalize.mjs --dir bin n8ntestN8N_LOG_LEVEL=silent DB_SQLITE_POOL_SIZE=4 DB_TYPE=sqlite jesttest:devN8N_LOG_LEVEL=silent DB_SQLITE_POOL_SIZE=4 DB_TYPE=sqlite jest --watchtest:dev:winset N8N_LOG_LEVEL=silent&& set DB_SQLITE_POOL_SIZE=4&& set DB_TYPE=sqlite&& jest --watchtest:integrationN8N_LOG_LEVEL=silent DB_SQLITE_POOL_SIZE=4 DB_TYPE=sqlite jest --config=jest.config.integration.jstest:mariadbecho truetest:mariadb:winecho truetest:postgresN8N_LOG_LEVEL=silent DB_TYPE=postgresdb DB_POSTGRESDB_SCHEMA=alt_schema DB_TABLE_PREFIX=test_ jest --config=jest.config.integration.js --no-coveragetest:postgres:integration:tcN8N_LOG_LEVEL=silent jest --config=jest.config.integration.testcontainers.js --no-coverage --testPathIgnorePatterns=/test/migration/test:postgres:migrationsN8N_LOG_LEVEL=silent DB_TYPE=postgresdb DB_POSTGRESDB_SCHEMA=alt_schema DB_TABLE_PREFIX=test_ jest --config=jest.config.migration.js --no-coveragetest:postgres:migrations:tcN8N_LOG_LEVEL=silent DB_TYPE=postgresdb DB_POSTGRESDB_SCHEMA=alt_schema DB_TABLE_PREFIX=test_ jest --config=jest.config.migration.testcontainers.js --no-coveragetest:postgres:tcN8N_LOG_LEVEL=silent jest --config=jest.config.integration.testcontainers.js --no-coveragetest:postgres:winset N8N_LOG_LEVEL=silent&& set DB_TYPE=postgresdb&& set DB_POSTGRESDB_SCHEMA=alt_schema&& set DB_TABLE_PREFIX=test_&& jest --config=jest.config.integration.js --no-coveragetest:sqliteN8N_LOG_LEVEL=silent DB_SQLITE_POOL_SIZE=4 DB_TYPE=sqlite jest --config=jest.config.integration.js --no-coveragetest:sqlite:migrationsN8N_LOG_LEVEL=silent DB_SQLITE_POOL_SIZE=4 DB_TYPE=sqlite jest --config=jest.config.migration.js --no-coveragetest:sqlite:migrations:tcN8N_LOG_LEVEL=silent DB_SQLITE_POOL_SIZE=4 DB_TYPE=sqlite jest --config=jest.config.migration.testcontainers.js --no-coveragetest:sqlite:winset N8N_LOG_LEVEL=silent&& set DB_SQLITE_POOL_SIZE=4&& set DB_TYPE=sqlite&& jest --config=jest.config.integration.jstest:unitN8N_LOG_LEVEL=silent DB_SQLITE_POOL_SIZE=4 DB_TYPE=sqlite jest --config=jest.config.unit.jstest:winset N8N_LOG_LEVEL=silent&& set DB_SQLITE_POOL_SIZE=4&& set DB_TYPE=sqlite&& jest- …and 2 more.
Dependencies131
@1password/connect1.4.2@ai-sdk/anthropic2.0.61@apidevtools/json-schema-ref-parser12.0.2@aws-sdk/client-secrets-manager3.808.0@azure/identity4.13.0@azure/keyvault-secrets4.8.0@chat-adapter/linear^4.26.0@chat-adapter/slack^4.26.0@chat-adapter/state-memory^4.26.0@chat-adapter/telegram^4.26.0@google-cloud/secret-manager5.6.0@modelcontextprotocol/sdk1.26.0@n8n/agents0.8.1@n8n/ai-node-sdk0.13.1@n8n/ai-utilities0.16.1@n8n/ai-workflow-builder1.22.1@n8n/api-types1.22.1@n8n/backend-common1.22.1@n8n/chat-hub1.15.1@n8n/client-oauth21.6.0@n8n/config2.21.0@n8n/constants0.24.0@n8n/db1.22.2@n8n/decorators1.22.1@n8n/di0.12.0@n8n/errors0.8.0@n8n/expression-runtime0.14.1@n8n/instance-ai1.7.1@n8n/n8n-nodes-langchain2.22.2@n8n/permissions0.60.0- …and 101 more.