Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Weekly downloads
- 23,680Mainstream · −50% score
- Versions published
- 3,174Mature · −50% score
- First published
- Oct 2022
- Publisher
- seveibar
Effective trust discount applied: −50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.
Recommended action
Looks clean — keep monitoringNo high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
Large Javascript Payload: 21695985 bytes
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk low · score 0 · status changed
Evidence
Static findings
2 static · 0 from release diff · showing high-signal first.
No high-signal findings — see all findings below.
Show all 2 findings (low-signal and informational)
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| low | Large Javascript Payload | package/dist/browser.min.js | 21695985 bytes | 0 |
| low | Large Javascript Payload | package/dist/webworker.min.js | 8741688 bytes | 0 |
Manifest
Package metadata
Scripts7
add-global-types-referenceecho '/// <reference path="../globals.d.ts" />' | cat - dist/index.d.ts > dist/index.d.ts.tmp && mv dist/index.d.ts.tmp dist/index.d.tsbuildtsup-node && bun run copy-runframe-standalone && bun run copy-eval-webworker && cp types/static-assets.d.ts dist/static-assets.d.ts && bun run add-global-types-referencecopy-core-versionsbun run scripts/copy-core-versions.ts && bun install --ignore-scriptscopy-eval-webworkerbun run scripts/copy-eval-webworker.tscopy-runframe-standalonebun run scripts/copy-runframe-standalone.tstestbun testupgrade-depsbun update --latest @tscircuit/core @tscircuit/cli @tscircuit/eval && bun run copy-core-versions && bun install --ignore-scripts
Dependencies69
@flatten-js/core^1.6.2@lume/kiwi^0.4.3@resvg/resvg-js^2.6.2@rollup/plugin-commonjs^29.0.0@rollup/plugin-json^6.1.0@rollup/plugin-node-resolve^16.0.3@rollup/plugin-typescript^12.3.0@tscircuit/alphabet0.0.25@tscircuit/capacity-autorouter^0.0.583@tscircuit/checks0.0.137@tscircuit/circuit-json-util^0.0.96@tscircuit/copper-pour-solver^0.0.29@tscircuit/core^0.0.1322@tscircuit/eval^0.0.923@tscircuit/footprinter^0.0.357@tscircuit/infer-cable-insertion-point^0.0.2@tscircuit/infgrid-ijump-astar^0.0.35@tscircuit/internal-dynamic-import^0.0.2@tscircuit/krt-wasm^0.1.1@tscircuit/matchpack@tscircuit/math-utils^0.0.36@tscircuit/miniflex^0.0.4@tscircuit/ngspice-spice-engine^0.0.10@tscircuit/props^0.0.546@tscircuit/runframe^0.0.2071@tscircuit/schematic-match-adapt^0.0.18@tscircuit/schematic-trace-solver^0.0.68@tscircuit/simple-3d-svg^0.0.41@tscircuit/solver-utils^0.0.16@tscircuit/soup-util^0.0.41- …and 39 more.