PkgRadar

Package evidence

[email protected]

no findings

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Versions published
30
First published
Mar 2026
Publisher
shaun0927

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["[email protected]"],"fail_on":"review"}'
Publishershaun0927
Artifact bytes2,019,653
Previous version0.6.1
Published2026-05-27T13:10:32.982Z
SHA-2568dcde2539d2ccd5cc2121f6431970ae11741e6f3b6a38f0857db354d5a5b88fb

Why flagged

What the scanner saw

No high-signal static finding in the saved report.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low
Last checked
lowRisk
0Score
0.6.2Version
Status history (1 event)
  1. newavailable · risk low · score 0 · status changed

Evidence

Static findings

No findings stored for this release.

Manifest

Package metadata

Scripts29
  • audit:allnpm audit
  • audit:all:jsonnpm audit --json
  • audit:prodnpm audit --omit=dev
  • audit:prod:jsonnpm audit --omit=dev --json
  • buildnpm run clean && npm run build:src && npm run build:cli && npm run build:ax-bridge-native && npm run build:ax-bridge-cli && npm run build:sim-hid-bridge-native && npm run build:sim-hid-bridge-cli && npm run build:cursor-monitor
  • build:ax-bridge-cliwebpack --config webpack.config.js --config-name ax-bridge-cli && chmod +x dist/ax-bridge
  • build:ax-bridge-nativeswiftc -O src/native/ax-bridge.swift -o dist/ax-bridge-native && (codesign --sign - dist/ax-bridge-native || echo 'ax-bridge-native: ad-hoc codesign failed, keeping unsigned binary (still runnable for AX queries against booted simulators)') || echo 'ax-bridge-native: swiftc compilation failed, falling back to swift interpreter at runtime'
  • build:cliwebpack --config webpack.config.js --config-name cli && chmod +x dist/cli/index.js
  • build:cursor-monitorswiftc -O src/native/cursor-monitor.swift -o dist/cursor-monitor && (codesign --sign - dist/cursor-monitor || echo 'cursor-monitor: ad-hoc codesign failed, keeping unsigned binary') || echo 'cursor-monitor: swiftc compilation failed, falling back to swift interpreter at runtime'
  • build:sim-hid-bridge-cliwebpack --config webpack.config.js --config-name sim-hid-bridge-cli && chmod +x dist/sim-hid-bridge
  • build:sim-hid-bridge-nativeswiftc -O src/native/sim-hid-bridge.swift -o dist/sim-hid-bridge-native && (codesign --sign - dist/sim-hid-bridge-native || echo 'sim-hid-bridge-native: ad-hoc codesign failed, keeping unsigned binary (still runnable for HID dispatch)') || echo 'sim-hid-bridge-native: swiftc compilation failed, falling back to swift interpreter at runtime'
  • build:srcwebpack --config webpack.config.js --config-name server
  • cleanrimraf dist
  • devts-node --esm src/index.ts
  • linteslint 'src/**/*.ts' 'cli/**/*.ts' 'tests/**/*.ts'
  • lint:fixeslint --fix 'src/**/*.ts' 'cli/**/*.ts' 'tests/**/*.ts'
  • postbuildcp src/native/ax-bridge.swift dist/ 2>/dev/null || true; cp src/native/sim-hid-bridge.swift dist/ 2>/dev/null || true; cp src/native/cursor-monitor.swift dist/ 2>/dev/null || true
  • preparenpm run build
  • prepublishOnlynpm run audit:prod && npm run build && npm test
  • startnode dist/index.js
  • testjest --config jest.config.js
  • test:cijest --config jest.ci.config.js
  • test:coveragejest --coverage
  • test:integrationjest --preset ts-jest --testEnvironment node --roots tests/integration --testPathIgnorePatterns '/node_modules/' --testPathIgnorePatterns 'webkit-connection' --testTimeout=120000 --runInBand --reporters=default --reporters=<rootDir>/tests/integration/screenshot-failure-reporter.cjs
  • test:integration:monitorednode scripts/run-with-cursor-monitor.js -- npm run test:integration
  • test:liveOSF_LIVE=1 node scripts/run-with-cursor-monitor.js -- npm run test:integration
  • test:sentineljest --config jest.sentinel.config.js
  • test:unitjest --config jest.config.js
  • verify:issue-10-healthyts-node --transpile-only --skip-project -O '{"module":"commonjs","moduleResolution":"node","target":"ES2022","esModuleInterop":true,"strict":true}' scripts/verify-issue-10-healthy.ts
Dependencies4
  • commander^12.0.0
  • pixelmatch^7.1.0
  • pngjs^6.0.0
  • ws^8.21.0