Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Weekly downloads
- 235
- Versions published
- 40
- First published
- Apr 2026
- Publisher
- bloknayrb
Recommended action
Looks clean — keep monitoringNo high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
Large Javascript Payload: 6979354 bytes
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk low · score 0 · status changed
Evidence
Static findings
1 static · 0 from release diff · showing high-signal first.
No high-signal findings — see all findings below.
Show all 1 findings (low-signal and informational)
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| low | Large Javascript Payload | package/dist/server/index.js | 6979354 bytes | 0 |
Manifest
Package metadata
Scripts33
audit:dead-codeknipaudit:originstsx scripts/audit-origins.tsaudit:ymap-keystsx scripts/audit-ymap-keys.tsbuildnpm run typecheck && vite build && node scripts/check-font-assets.mjs && tsupbuild:reapernode scripts/build-reaper.mjsbuild:servertsupbuild:taurinode scripts/download-node-sidecar.mjs && node scripts/build-reaper.mjs && cargo tauri buildcapture:design-baselinescross-env CAPTURE_DESIGN_BASELINES=1 playwright test --config=scripts/design-baselines/playwright.config.tscapture:screenshotscross-env SCREENSHOTS=1 playwright test --config=scripts/screenshots/playwright.config.tschanneltsx src/channel/index.tscheck:fontsnode scripts/check-font-assets.mjscheck:tokenstsx scripts/check-semantic-tokens.tsdevvitedev:clientvitedev:servertsx watch src/server/index.tsdev:standalonenode scripts/dev-standalone.mjsdev:taurinode scripts/download-node-sidecar.mjs && node scripts/build-reaper.mjs && cargo tauri devdoctortsx scripts/doctor.mjsformatbiome format --write .kgnode scripts/kg.mjskg:lintnode scripts/kg-lint.mjslinteslint .preparehuskyprepublishOnlynpm run buildpreviewvite previewservertsx src/server/index.tsstart:channelnode dist/channel/index.jsstart:servernode dist/server/index.jstestvitesttest:e2eplaywright test- …and 3 more.
Dependencies42
@hocuspocus/provider3.4.4@hocuspocus/server2.15.3@modelcontextprotocol/sdk^1.12.1@napi-rs/keyring^1.3.0@sentry/browser^10.8.0@sentry/node^10.8.0@tauri-apps/api^2.11.0@tauri-apps/plugin-dialog^2.7.1@tiptap/core^2.11.0@tiptap/extension-collaboration^2.11.0@tiptap/extension-collaboration-cursor^2.11.0@tiptap/extension-highlight^2.11.0@tiptap/extension-image^2.27.2@tiptap/extension-link^2.27.2@tiptap/extension-list-item^2.27.2@tiptap/extension-placeholder^2.11.0@tiptap/extension-table^2.11.0@tiptap/extension-table-cell^2.11.0@tiptap/extension-table-header^2.11.0@tiptap/extension-table-row^2.11.0@tiptap/pm^2.11.0@tiptap/starter-kit^2.11.0docx^9.6.1dom-serializer^3.0.0env-paths^4.0.0express^5.2.1htmlparser2^12.0.0jszip^3.10.1mammoth^1.8.0markdown-it^14.1.1- …and 12 more.