Package evidence

[email protected]

no findings

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads: 298
Versions published: 143Mature · −50% score
First published: Aug 2023
Publisher: sui.gn

Effective trust discount applied: −50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarball Add to CI gate

Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["[email protected]"],"fail_on":"review"}'

Publishersui.gn

Artifact bytes148,879

Previous version3.7.2

Published2026-04-29T06:17:28.136Z

SHA-2562f8652868349e9d1e3352301be20faf9d750685d4d714e230df4f5a28e4a149d

Why flagged

What the scanner saw

No high-signal static finding in the saved report.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low

7d agoLast checked

lowRisk

0Score

3.8.0Version

Status history (1 event)

new → available7d ago · risk low · score 0 · status changed

Evidence

Static findings

No findings stored for this release.

Manifest

Package metadata

Scripts36

benchnpm run bench:phase2 && npm run bench:phase3
bench:phase2npm run bench:phase2:explain && npm run bench:phase2:write && npm run bench:phase2:rewrite
bench:phase2:explainnode tests/Phases/Phase.2.1.explain-lookup.js
bench:phase2:rewritenode tests/Phases/Phase.2.3.rewrite-pressure.test.js
bench:phase2:writenode tests/Phases/Phase.2.2.write-pressure.test.js
bench:phase3npm run bench:phase3:exact-scale && npm run bench:phase3:ivf-vs-exact && npm run bench:phase3:ivf-tuning && npm run bench:phase3:vector:corpus
bench:phase3:cascadenode --expose-gc tests/Benchmarks/benchmark.cascade-10dep.ts
bench:phase3:exact-scalenode --expose-gc tests/Benchmarks/benchmark.search-exact-scale.ts
bench:phase3:ivf-tuningnode --expose-gc tests/Benchmarks/benchmark.ivf-tuning.ts
bench:phase3:ivf-vs-exactnode --expose-gc tests/Benchmarks/benchmark.ivf-vs-exact.ts
bench:phase3:vector:corpusnode tests/Benchmarks/benchmark.vector-corpus.ts
buildvite build --config vite.config.ts
devvite --config vite.config.ts
docs:apitypedoc
docs:api:watchtypedoc --watch
docs:buildvitepress build docs
docs:devvitepress dev docs
docs:previewvitepress preview docs
docs:publishnpm run docs:build && mkdir -p typedocs && touch typedocs/.nojekyll
phase2npm run test:phase2 && npm run bench:phase2
phase3npm run test:phase3 && npm run bench:phase3
phasesnpm run phase2 && npm run phase3
prepublishOnlynpm run build
previewvite preview --config vite.config.ts
testnpm run test:ts && npm run test:demos:run-all && npm run test:umd && npm run test:prebuild && npm run test:contracts && npm run test:phase2 && npm run test:phase3
test:contractsnode tests/contracts/run-contracts.mjs
test:demos:run-allnode tests/Demos/run-all.ts
test:me-urinode tests/me-uri.test.ts
test:phase2npm run test:phase2:smoke:disk
test:phase2:smoke:disknode tests/Phases/Phase.2.0.smoke.test.js
…and 6 more.

Dependencies1

js-sha3^0.9.3