PkgRadar

Package evidence

[email protected]

no findings

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Versions published
41Mature · −50% score
First published
Apr 2022
Publisher
banou26

Effective trust discount applied: 50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["[email protected]"],"fail_on":"review"}'
Publisherbanou26
Artifact bytes205,584
Previous version0.2.10
Published2026-01-31T21:02:27.541Z
SHA-25613819dcf8c1735de6074d8d320cbe6fd7c6da676c07b74fdac789aa60edb2b6e

Why flagged

What the scanner saw

No high-signal static finding in the saved report.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low
Last checked
lowRisk
0Score
0.2.11Version
Status history (1 event)
  1. newavailable · risk low · score 0 · status changed

Evidence

Static findings

No findings stored for this release.

Manifest

Package metadata

Scripts21
  • _devconcurrently "npm run build-watch" "npm run build-test-watch" "npm run test-watch"
  • buildvite build
  • build-extension-testvite build --config vite.extension-test.config.ts
  • build-extension-test-watchvite build --config vite.extension-test.config.ts --watch
  • build-testvite build --config vite.test.config.ts
  • build-test-watchvite build --config vite.test.config.ts --watch
  • build-watchvite build --watch
  • clean-coveragerimraf .nyc_output coverage
  • devconcurrently "npm run build-test-watch"
  • dev2concurrently "npm run build-watch" "npm run build-test-watch" "npm run test-watch-headful"
  • linux-run-playwrightxhost +local:docker && docker run -it --name playwright -e DISPLAY=$DISPLAY -v /tmp/.X11-unix:/tmp/.X11-unix:rw --network=host --ipc=host --shm-size=2gb --rm mcr.microsoft.com/playwright:v1.55.1-noble npx npx -y [email protected] run-server --port 8010 --host 0.0.0.0
  • linux-testPW_TEST_CONNECT_WS_ENDPOINT=ws://127.0.0.1:8010/ npx playwright test -c playwright.linux.config.ts
  • linux-test-watch-headfulnodemon --watch build --exec "PW_TEST_CONNECT_WS_ENDPOINT=ws://127.0.0.1:8010/ npx playwright test -c playwright.linux.config.ts"
  • print-coveragenpx nyc report
  • start-serverhttp-server -p 3000
  • testnpm run build-test && npx playwright test
  • test-extensionnpm run build-extension-test && npx playwright test -c playwright.extension.config.ts
  • test-watchset PWTEST_WATCH=1 & npx playwright test
  • test-watch-headfulnodemon --watch build --exec "npx playwright test --headed"
  • test-with-coveragenpm run build-test && npx playwright test && npm run print-coverage && npm run clean-coverage
  • type-checktsgo --noEmit