PkgRadar

Package evidence

[email protected]

Remote Dependency Spec: devDependencies.jaguarjs-jsdoc="github:dcodeIO/jaguarjs-jsdoc"

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads
58,998,508Ubiquitous · −70% score
Versions published
211Mature · −50% score
First published
Mar 2013
Publisher
GitHub ActionsTrusted automation · −70% score

Effective trust discount applied: 70% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Review before promoting

Mixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["[email protected]"],"fail_on":"review"}'
PublisherGitHub Actions
Artifact bytes638,804
Previous version7.6.3
Published2026-06-12T12:10:59.442Z
SHA-256e688bb96079cefa6b9a7d84fe3c34475e36e745ff840b4300c44548814f1e9bd

Why flagged

What the scanner saw

Remote Dependency Spec: devDependencies.jaguarjs-jsdoc="github:dcodeIO/jaguarjs-jsdoc"

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

review
Last checked
reviewRisk
3Score
7.6.4Version
Status history (1 event)
  1. newavailable · risk review · score 3 · status changed

Evidence

Static findings

2 static · 0 from release diff · showing high-signal first.

SeverityKindPathDetailPoints
mediumRemote Dependency Specpackage.jsondevDependencies.jaguarjs-jsdoc="github:dcodeIO/jaguarjs-jsdoc"8
Show all 2 findings (low-signal and informational)
SeverityKindPathDetailPoints
mediumRemote Dependency Specpackage.jsondevDependencies.jaguarjs-jsdoc="github:dcodeIO/jaguarjs-jsdoc"8
lowInstall-time lifecycle scriptpackage.jsonpostinstall="node scripts/postinstall"5

Manifest

Package metadata

Scripts21
  • benchnode bench
  • buildnpm run build:bundle && npm run build:types
  • build:bundlegulp --gulpfile scripts/gulpfile.js
  • build:typesnode cli/bin/pbts --main --global protobuf --out index.d.ts src/ lib/aspromise/index.js lib/base64/index.js lib/codegen/index.js lib/eventemitter/index.js lib/float/index.js lib/fetch/index.js lib/path/index.js lib/pool/index.js lib/utf8/index.js
  • changelognode scripts/changelog -w
  • coveragenpm run coverage:test && npm run coverage:report
  • coverage:reportnyc report --reporter=lcov --reporter=text
  • coverage:testnyc --silent tape -r ./lib/tape-adapter tests/*.js tests/node/*.js
  • docsjsdoc -c config/jsdoc.json -R README.md --verbose --pedantic
  • lintnpm run lint:sources && npm run lint:types
  • lint:sourceseslint "**/*.js" -c config/eslint.json
  • lint:typestslint "**/*.d.ts" -e "**/node_modules/**" -t stylish -c config/tslint.json
  • makenpm run lint:sources && npm run build && npm run lint:types && node ./scripts/gentests.js && npm test
  • pagesnode scripts/pages
  • postinstallnode scripts/postinstall
  • prepublishcd cli && npm install && cd .. && npm run build
  • prepublishOnlycd cli && npm install && cd .. && npm run build
  • profnode bench/prof
  • testnpm run test:sources && npm run test:types
  • test:sourcestape -r ./lib/tape-adapter tests/*.js tests/node/*.js
  • test:typestsc tests/comp_typescript.ts --lib es2015 --esModuleInterop --strictNullChecks --experimentalDecorators --emitDecoratorMetadata && tsc tests/data/test.js.ts --lib es2015 --esModuleInterop --noEmit --strictNullChecks && tsc tests/data/*.ts --lib es2015 --esModuleInterop --noEmit --strictNullChecks
Dependencies11
  • @protobufjs/aspromise^1.1.2
  • @protobufjs/base64^1.1.2
  • @protobufjs/codegen^2.0.5
  • @protobufjs/eventemitter^1.1.1
  • @protobufjs/fetch^1.1.1
  • @protobufjs/float^1.0.2
  • @protobufjs/path^1.1.2
  • @protobufjs/pool^1.1.0
  • @protobufjs/utf8^1.1.1
  • @types/node>=13.7.0
  • long^5.3.2