Package evidence

[email protected]

no findings

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads: 11,635Mainstream · −50% score
Versions published: 29Established · −30% score
First published: Oct 2025
Publisher: simon_he

Effective trust discount applied: −50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarball Add to CI gate

Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["[email protected]"],"fail_on":"review"}'

Publishersimon_he

Artifact bytes163,103

Previous version0.0.42

Published2026-06-10T04:12:57.657Z

SHA-256be291eb8ad7b7573d679ee9f9458c25f1a8288b301f245330fade1b9300d29e7

Why flagged

What the scanner saw

No high-signal static finding in the saved report.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low

42h agoLast checked

lowRisk

0Score

0.0.44Version

Status history (1 event)

new → available42h ago · risk low · score 0 · status changed

Evidence

Static findings

No findings stored for this release.

Manifest

Package metadata

Scripts37

benchnode scripts/stream-benchmark.mjs
bench:playwrightnode scripts/playwright-bench.mjs
buildtsdown
compare:diff-uxnode scripts/playwright-diff-ux-compare.mjs
devnpm run build -- --watch src
formatprettier --write --cache .
linteslint . --cache
lint:fixpnpm run lint --fix
perf:analyzenode scripts/analyze-performance-report.mjs
perf:baselinepnpm build && node scripts/playwright-performance-gate.mjs --entry=dist --repeat=3 --update-baseline
perf:gatepnpm perf:gate:ci
perf:gate:baselinepnpm build && node scripts/playwright-performance-gate.mjs --entry=dist --require-baseline
perf:gate:budgetpnpm perf:gate:ci
perf:gate:canarypnpm build && node scripts/playwright-performance-gate.mjs --entry=dist --skip-baseline --repeat=1 --scenarios=editor-cold-first-highlight,editor-update-highlight,editor-stream-append-burst,diff-cold-first-highlight-no-unchanged-regions,diff-update-highlight,diff-stream-append-burst
perf:gate:cipnpm perf:gate:canary
perf:gate:releasepnpm build && node scripts/playwright-performance-gate.mjs --entry=dist --skip-baseline --repeat=2
perf:gate:srcnode scripts/playwright-performance-gate.mjs --entry=src
perf:reportpnpm build && node scripts/playwright-performance-gate.mjs --entry=dist --report-only
prepublishOnlypnpm release:verify
publish:packagepnpm release:verify && npm publish --ignore-scripts
releasebumpp --tag "v%s"
release:verifynode scripts/release-verify.mjs
shot:diff-uxnode scripts/playwright-diff-ux-shot.mjs
smoke:diffnode scripts/playwright-diff-smoke.mjs
smoke:height-stabilitynode scripts/playwright-height-stability-smoke.mjs
startesno src/index.ts
testvitest --run
typechecktsc --noEmit
validate:diff-gutternode scripts/playwright-diff-gutter-validate.mjs
validate:diff-hunk-actionsnode scripts/playwright-diff-hunk-actions-validate.mjs
…and 7 more.

Dependencies3

@shikijs/monaco^3.23.0
alien-signals^2.0.8
shiki^3.23.0