PkgRadar

Package evidence

[email protected]

Install-time lifecycle script: postinstall="genaiscript scripts fix"

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads
16
Versions published
13Established · −30% score
First published
Jun 2025
Publisher
genaiscript

Effective trust discount applied: 30% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Review before promoting

Mixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["[email protected]"],"fail_on":"review"}'
Publishergenaiscript
Artifact bytes65,093
Previous version0.0.10
Published2025-06-17T17:47:49.473Z
SHA-25690fa0e3566db48918d063a17d0a598b6d69d6e3672b6a24bf884ba9e14dbf331

Why flagged

What the scanner saw

Install-time lifecycle script: postinstall="genaiscript scripts fix"

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

review
Last checked
reviewRisk
3Score
0.0.11Version
Status history (1 event)
  1. newavailable · risk review · score 3 · status changed

Evidence

Static findings

1 static · 0 from release diff · showing high-signal first.

No high-signal findings — see all findings below.

Show all 1 findings (low-signal and informational)
SeverityKindPathDetailPoints
lowInstall-time lifecycle scriptpackage.jsonpostinstall="genaiscript scripts fix"5

Manifest

Package metadata

Scripts80
  • all-sampleszx samples/run-samples.zx.mjs
  • all-samples-evalzx samples/run-samples-eval.zx.mjs
  • all-samples-genzx samples/run-samples-gen.zx.mjs
  • all-samples-runzx samples/run-samples-run.zx.mjs
  • az:loginaz login --scope api://trapi/.default --use-device-code
  • buildgenaiscript scripts compile
  • build:docsnpm run build:schemas && cd docs && npm run build
  • build:schemascp src/genaisrc/src/frontmatter.json docs/public/schemas/prompt.json
  • configuregenaiscript configure action promptpex
  • devgenaiscript run dev
  • dev:fabricgenaiscript run dev --vars "fabric=v1.4.149" --vars "samplePrompts=1"
  • docsnpm run build:schemas && cd docs && npm run dev
  • gcmgenaiscript run gcm -m github:openai/gpt-4.1 --no-run-trace --no-output-trace
  • gcm:azuregenaiscript run gcm -m azure:gpt-4o_2024-11-20 --no-run-trace --no-output-trace
  • gcm:ollamagenaiscript run gcm -m ollama:gemma3:27b --no-run-trace --no-output-trace
  • genaigenaiscript run
  • genaiscriptgenaiscript
  • install:forcerm package-lock.json && npm run install && cd docs && npm run install:force
  • lintprettier --write src/**/*.mts
  • ollamanpm run ollama:stop && npm run ollama:start
  • ollama:startdocker run -d -v ollama:/root/.ollama -p 11434:11434 --name ollama -e OLLAMA_FLASH_ATTENTION=1 -e OLLAMA_KV_CACHE_TYPE=q8_0 ollama/ollama
  • ollama:stopdocker stop ollama && docker rm ollama
  • postinstallgenaiscript scripts fix
  • postupdategenaiscript scripts fix
  • prdgenaiscript run prd -prd -m github:openai/gpt-4.1 --no-run-trace --no-output-trace
  • promptpexgenaiscript run promptpex
  • promptpex:azuregenaiscript run promptpex --vars "compliance=true" --model "azure:gpt-4o_2024-11-20" --vars "modelsUnderTest=azure:gpt-4o-mini_2024-07-18" --vars cache=true --vars evalCache=true --vars testRunCache=true
  • promptpex:bare:azuregenaiscript run promptpex "samples/demo/bare.prompty" --vars "compliance=true" --model "azure:gpt-4o_2024-11-20" --vars "modelsUnderTest=azure:gpt-4o-mini_2024-07-18" --vars cache=true --vars evalCache=true --vars testRunCache=true --vars out=evals
  • promptpex:demo:azuregenaiscript run promptpex "samples/demo/demo.prompty" --vars "compliance=true" --model "azure:gpt-4o_2024-11-20" --vars "modelsUnderTest=azure:gpt-4o-mini_2024-07-18" --vars cache=true --vars evalCache=true --vars testRunCache=true
  • promptpex:demo:githubgenaiscript run promptpex "samples/demo/demo.prompty" --vars "compliance=true" --model "github:openai/gpt-4o" --vars "modelsUnderTest=github:openai/gpt-4o-mini;github:microsoft/Phi-4-mini-instruct" --vars cache=true --vars evalCache=true --vars testRunCache=true
  • …and 50 more.
Dependencies2
  • genaiscript^1.142.13
  • openai^5.5.1