PkgRadar

Package evidence

[email protected]

no findings

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Versions published
1
First published
Jun 2026
Publisher
bcb_1000

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["[email protected]"],"fail_on":"review"}'
Publisherbcb_1000
Artifact bytes94,571
Previous versionnone
Published2026-06-01T03:19:42.517Z
SHA-256c7b6c7e3e75602fa0ed474aebfaaa2467f22b151384d8aa4401473634d55d391

Why flagged

What the scanner saw

No high-signal static finding in the saved report.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low
Last checked
lowRisk
0Score
0.2.0Version
Status history (1 event)
  1. newavailable · risk low · score 0 · status changed

Evidence

Static findings

No findings stored for this release.

Manifest

Package metadata

Scripts24
  • buildtsc
  • changesetchangeset
  • check-npm-buildnpm pack --dry-run --ignore-scripts
  • coveragevitest run --coverage
  • coverage:badgenode ./src/scripts/updateCoverageBadge.mjs
  • db:createenv-cmd -f .env sequelize-cli db:create || sequelize-cli db:create
  • db:dropenv-cmd -f .env sequelize-cli db:drop || sequelize-cli db:drop
  • db:refreshenv-cmd -f .env sequelize-cli db:drop && sequelize-cli db:create
  • devtsx watch --env-file .env src/server.ts
  • formatprettier --write .
  • linteslint . --ext .ts
  • migrate:createenv-cmd -f .env sequelize-cli migration:generate --name
  • migrate:downenv-cmd -f .env sequelize-cli db:migrate:undo
  • migrate:resetenv-cmd -f .env sequelize-cli db:migrate:undo:all && sequelize-cli db:migrate
  • migrate:upenv-cmd -f .env sequelize-cli db:migrate || sequelize-cli db:migrate
  • preparehusky
  • release:stablenpm run build && changeset publish
  • startnode dist/server.js
  • testvitest
  • test:ciCI=true vitest
  • test:e2eCI=false vitest
  • test:runvitest run
  • typechecktsc --noEmit
  • version-packageschangeset version
Dependencies26
  • @asteasolutions/zod-to-openapi^8.4.3
  • @seamless-auth/messaging^0.1.0
  • @seamless-auth/messaging-aws^0.1.0
  • @seamless-auth/messaging-twilio^0.1.0
  • @seamless-auth/types^0.1.3
  • @sequelize/postgres^7.0.0-alpha.46
  • @simplewebauthn/server^13.1.1
  • @types/bcrypt^6.0.0
  • base64url^3.0.1
  • bcrypt-ts^7.1.0
  • cors^2.8.5
  • express^4.19.2
  • express-rate-limit^7.5.0
  • express-slow-down^2.0.3
  • helmet^8.1.0
  • jose^6.0.11
  • jsonwebtoken^9.0.2
  • libphonenumber-js^1.12.7
  • pg^8.15.6
  • pg-hstore^2.3.4
  • sequelize^6.37.3
  • sequelize-cli^6.6.2
  • swagger-ui-express^5.0.1
  • validator^13.15.0
  • winston^3.14.2
  • zod^4.3.6