Package evidence

[email protected]

no findings

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Versions published: 278
First published: Jan 2026
Publisher: realfishsam

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarball Add to CI gate

Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["[email protected]"],"fail_on":"review"}'

Publisherrealfishsam

Artifact bytes413,472

Previous version2.49.8

Published2026-06-11T07:36:22.667Z

SHA-256d949672945766692764faab75fc2d49adba2fc0c23d742376f61cb696f9fc58a

Why flagged

What the scanner saw

No high-signal static finding in the saved report.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low

21h agoLast checked

lowRisk

0Score

2.49.9Version

Status history (1 event)

new → available21h ago · risk low · score 0 · status changed

Evidence

Static findings

No findings stored for this release.

Manifest

Package metadata

Scripts17

buildtsc && cp src/server/openapi.yaml dist/server/openapi.yaml && cp src/server/method-verbs.json dist/server/method-verbs.json
bundle:servernpm run build && esbuild dist/server/index.js --bundle --platform=node --target=node18 --outfile=dist/server/bundled.js --define:__PMXT_VERSION__=\"$npm_package_version\" --external:fsevents --external:@opinion-labs/opinion-clob-sdk
cleanrm -rf dist
extract:jsdocnode ../scripts/extract-jsdoc.js
fetch:openapinode scripts/fetch-openapi-specs.js
generate:compliancenode scripts/generate-compliance.js
generate:docsnpm run extract:jsdoc && node ../scripts/generate-api-docs.js
generate:mintlifynode ../scripts/generate-mintlify-docs.js
generate:openapinode scripts/generate-openapi.js
generate:python-exchangesnode scripts/generate-python-exchanges.js
generate:sdk:allnpm run generate:openapi && npm run generate:sdk:python && npm run generate:python-exchanges && npm run generate:sdk:typescript && npm run generate:docs && npm run generate:mintlify && npm run generate:compliance
generate:sdk:pythonnpx @openapitools/openapi-generator-cli generate -i src/server/openapi.yaml -g python -o ../sdks/python/generated --package-name pmxt_internal --additional-properties=projectName=pmxt-internal,packageVersion=2.49.9,library=urllib3
generate:sdk:typescriptnpx @openapitools/openapi-generator-cli generate -i src/server/openapi.yaml -g typescript-fetch -o ../sdks/typescript/generated --additional-properties=npmName=pmxtjs,npmVersion=2.49.9,supportsES6=true,typescriptThreePlus=true && node ../sdks/typescript/scripts/fix-generated.js
prebuildnpm run clean
servertsx watch src/server/index.ts
server:prodnode dist/server/index.js
testjest -c jest.config.js

Dependencies16

@limitless-exchange/sdk^1.0.5
@opinion-labs/opinion-clob-sdk^0.6.0
@polymarket/clob-client-v2^1.0.5
@prob/clob0.5.0
@solana/web3.js^1.98.4
axios^1.17.0
bs58^6.0.0
cors^2.8.5
dotenv^17.2.3
ethers^5.8.0
express^5.2.1
isows^1.0.6
msgpackr^2.0.1
polymarket-us0.1.1
viem^2.0.0
ws^8.18.0