PkgRadar

Package evidence

[email protected]

no findings

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Versions published
1
First published
May 2026
Publisher
marianfoo

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["[email protected]"],"fail_on":"review"}'
Publishermarianfoo
Artifact bytes67,887
Previous versionnone
Published2026-05-28T20:57:59.527Z
SHA-256a8435db2bbbadfd77cb774bac52b21f85ea7f90a7572df8bca7a228c16caca14

Why flagged

What the scanner saw

No high-signal static finding in the saved report.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low
Last checked
lowRisk
0Score
0.3.1Version
Status history (2 events)
  1. newavailable · risk low · score 0 · status changed
  2. newavailable · risk low · score 0 · status changed

Evidence

Static findings

No findings stored for this release.

Manifest

Package metadata

Scripts21
  • buildtsc
  • cleanrimraf dist
  • debug:container./debug-container.sh
  • devtsx watch src/mcp-server.ts
  • dev:httptsx watch src/http-mcp-server.ts
  • prepacknpm run clean && npm run build
  • prepublishOnlynpm run build
  • servenode dist/mcp-server.js
  • serve:httpAUTO_START=true node dist/http-mcp-server.js
  • serve:http:debugLOG_LEVEL=debug HTTP_PORT=3123 AUTO_START=true DEBUG_START=true node dist/http-mcp-server.js
  • startnpm run build && npm run serve
  • start:httpnpm run build && npm run serve:http
  • start:http:debugnpm run build && npm run serve:http:debug
  • testnpm run test:auth && npm run test:api && npm run test:mcp
  • test:apinpm run build && node test/test-sap-api.js
  • test:authnpm run build && node test/test-auth.js
  • test:auth:debugnpm run build && HEADFUL=true LOG_LEVEL=debug node test/test-auth.js
  • test:docker:debugnpm run build && node test/test-docker-debug.js
  • test:flownpm run build && node test/test-full-flow.js
  • test:mcpnpm run build && node test/test-mcp-server.js
  • test:mcp:debugnpm run build && LOG_LEVEL=debug DOCKER_ENV=true node test/test-mcp-server.js
Dependencies10
  • @marianfoo/sap-mcp-auth^0.1.0
  • @modelcontextprotocol/sdk^1.28.0
  • cors^2.8.5
  • dotenv^16.4.0
  • express^4.22.0
  • pino^9.14.0
  • pino-pretty^11.3.0
  • playwright^1.58.0
  • zod^4.3.6
  • zod-to-json-schema^3.25.0