Package evidence
[email protected]
Install-time lifecycle script: postinstall="node scripts/patch-facilitator-timeout.mjs"
Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Versions published
- 2
- First published
- Jun 2026
- Publisher
- mimranakb
Recommended action
Review before promotingMixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
Install-time lifecycle script: postinstall="node scripts/patch-facilitator-timeout.mjs"
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk review · score 5 · status changed
Evidence
Static findings
1 static · 0 from release diff · showing high-signal first.
No high-signal findings — see all findings below.
Show all 1 findings (low-signal and informational)
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| low | Install-time lifecycle script | package.json | postinstall="node scripts/patch-facilitator-timeout.mjs" | 5 |
Manifest
Package metadata
Scripts42
alchemy:doctortsx scripts/alchemy-doctor.tsaudition:x402gletsx scripts/run-x402gle-audition.tsaudition:x402gle:endpointstsx scripts/run-x402gle-all-endpoints.ts --only-missingaudition:x402gle:missingtsx scripts/run-x402gle-missing-routes.tsaudition:x402gle:v2tsx scripts/run-x402gle-audition-v2.tsbazaar:settle-allnode scripts/bazaar-settle-all.mjsbuildtscbuild:packagesnpm run build --prefix packages/x402-preflight && npm run build --prefix packages/trust-layer-mcpcinpm run typecheck && npm run verify:bazaar && npm run test:unit && npm run test:golden && npm run test:nonce && npm run smoke:verifier && npm run smoke:verifier:alldebug:settlementtsx scripts/debug-buy-advisor-pay.tsdemotsx src/client/demo.tsdemo:alchemytsx src/client/demo-alchemy-live.tsdemo:alchemy:enterprisetsx src/client/demo-alchemy-live.ts --enterprisedemo:tailtsx src/client/demo-tail.tsdevtsx watch src/index.tsdiscovery:checknpx -y @agentcash/discovery@latest checkdiscovery:discovernpx -y @agentcash/discovery@latest discoverdocs:ainode scripts/generate-ai-docs.mjsdoctortsx scripts/doctor.tslist:x402gle:missingnode scripts/list-x402gle-missing.mjsopenapi:generatetsx scripts/generate-openapi.tspostinstallnode scripts/patch-facilitator-timeout.mjsprepublishOnlynpm run buildprobe:productionnode scripts/probe-production.mjsprobe:settlementtsx scripts/probe-settle-mismatch.tsprobe:x402gle:missingnode scripts/probe-x402gle-missing-unpaid.mjsregister:agent-marketnode scripts/register-agent-market.mjssmoke:guardtsx scripts/smoke-guard-paid.tssmoke:verifiertsx scripts/smoke-verifier-examples.tssmoke:verifier:alltsx scripts/smoke-all-verifier-examples.ts- …and 12 more.
Dependencies11
@alchemy/x402^0.6.6@dexterai/x4022.1.0@x402/core^2.14.0@x402/extensions^2.14.0@x402/fetch^2.14.0cors^2.8.6dotenv^16.4.7express^4.21.2helmet^8.2.0viem^2.52.0zod^3.24.2
Optional dependencies2
better-sqlite3^11.8.1redis^4.7.1