Skip to content

feat: implement RFC npm#897 — npm approve-scripts review-report mode#1

Open
Copilot wants to merge 212 commits into
approveScripts-Reportfrom
copilot/implement-rfc-897-plan
Open

feat: implement RFC npm#897 — npm approve-scripts review-report mode#1
Copilot wants to merge 212 commits into
approveScripts-Reportfrom
copilot/implement-rfc-897-plan

Conversation

Copilot AI commented Jun 13, 2026

Copy link
Copy Markdown

feat: implement RFC npm#897 — npm approve-scripts review-report mode

Summary

Implements RFC #897: adds a first-class review-report mode to npm approve-scripts --allow-scripts-pending that turns the existing pending-script listing into a structured, auditable report suitable for human review or AI-assisted analysis.


Configuration & Arguments

--allow-scripts-report-format

Controls the output format when --allow-scripts-pending is used.

Value Description
markdown (default) Human-readable Markdown document — suitable for PR comments, file artifacts, or pasting into a code review
json Machine-readable JSON document — suitable for CI pipelines, dependency bots, or AI-assisted security review
null Opt out of the review report; falls back to the legacy compact plain-text listing

Usage:

# Default: Markdown report
npm approve-scripts --allow-scripts-pending

# Explicit Markdown
npm approve-scripts --allow-scripts-pending --allow-scripts-report-format=markdown

# JSON report
npm approve-scripts --allow-scripts-pending --allow-scripts-report-format=json

# Legacy plain-text listing (opt out of report)
npm approve-scripts --allow-scripts-pending --allow-scripts-report-format=null

# --json is an alias for --allow-scripts-report-format=json
npm approve-scripts --allow-scripts-pending --json

Notes:

  • --allow-scripts-report-format throws a usage error if specified without --allow-scripts-pending.
  • Setting a preferred format in .npmrc is silently ignored when --allow-scripts-pending is absent, so it does not interfere with normal approve/deny flows.
  • --json takes precedence over --allow-scripts-report-format unless --allow-scripts-report-format=null is explicitly passed.

The problem RFC npm#897 solves

npm approve-scripts --allow-scripts-pending already identifies which packages need approval and shows their lifecycle script commands, but it leaves developers to manually trace what those commands actually do. In practice this causes approval fatigue and reflexive approvals — especially for transitive dependencies whose names are unfamiliar. The RFC calls for a report mode that surfaces the concrete execution path: which files the scripts load, what risk signals appear in those files, how the package entered the dependency graph, and whether its scripts have changed since the last approved version. The goal is to turn approval from "do I trust this package name?" into "do I trust this specific code path?" and to produce auditable evidence that can be committed to a repository.

New review-report mode

Running npm approve-scripts --allow-scripts-pending now automatically generates a Markdown review report (the existing --json flag selects JSON output instead). The new --allow-scripts-report-format=null flag opt-out falls back to the legacy compact text listing. The --allow-scripts-report-format config option is gated behind --allow-scripts-pending and throws a usage error if specified without it.

For each pending package the report includes:

  • Dependency path — whether the dep is direct or transitive, and all graph paths through which it was introduced (up to 8 paths), built by walking arborist's edgesIn graph (dep-path-walker.js).
  • Change classification — whether the package is brand-new, a version upgrade from a previously approved entry, or a re-review of a version whose scripts changed (script-change-classifier.js).
  • Referenced files and risk signals — a static walk of the files that lifecycle scripts load (script-risk-scanner.js): the scanner parses each lifecycle command to find directly-referenced JS/shell files, then follows require()/import references up to 3 levels deep, reads each file in 64 KB chunks (with overlap to catch boundary-straddling patterns), hashes each file with SHA-256, and emits signals for patterns such as uses-child-process, network-access, references-credential-env-var, writes-outside-package, base64-decode-exec, obfuscation-pattern, jsfuck-obfuscation, and more. Files over 50 MB are partially scanned and flagged. The scanner never executes code and makes no network requests.
  • Native build info — for packages that reference node-gyp or binding.gyp, the scanner parses the binding.gyp file and extracts target names, source files, libraries, include directories, and whether conditional logic is present (gyp-scanner.js).
  • Formatted outputreview-report-formatter.js renders the collected data as a focused Markdown document with a risk summary section (highlighting HIGH_RISK_SIGNALS such as eval, VM, credential env vars, and obfuscation) and a "suggested focus areas" callout, or as a structured JSON object for programmatic consumption.

A standalone scripts/generate-allow-scripts-report.js script is also added to allow report generation outside the CLI (e.g. from CI scripts).

GitHub Actions demo workflow

.github/workflows/allow-scripts-demo.yml is added to exercise the new report mode on every PR that touches the relevant source files. It runs npm ci --ignore-scripts, generates both Markdown and JSON reports, validates the JSON output (asserting all listed packages have pending status), and posts a formatted summary comment to the PR with the full report embedded in collapsible sections.

Bug fix: bundleDependencies evasion in collectUnreviewedScripts

workspaces/arborist/lib/unreviewed-scripts.js previously skipped any node where node.inBundle was true. inBundle is set for any bundled dependency — including packages listed in the root project's own bundleDependencies. A root-project bundleDependencies entry is still fetched from the registry and installed normally; its lifecycle scripts will run. The guard is changed to node.inDepBundle, which is only true when the bundler is a non-root package (i.e. the dep is physically pre-built inside a third-party tarball). This closes the gap where a root-level bundled dep could silently bypass the unreviewed-scripts check and the approval workflow.

Smoke test and environment fixes

  • The approve-scripts-report smoke-test fixture adds "bundleDependencies": ["canvas"] to exercise the bundleDependencies evasion fix end-to-end.
  • smoke-tests/test/fixtures/setup.js now forwards NODE_EXTRA_CA_CERTS into spawned npm child processes so that smoke tests work correctly in environments with a custom CA certificate (e.g. enterprise CI).

Indicator detection improvements

Driven by analysis of indicator-suggestions.json deep scans across 20,000+ npm packages:

  • New bundled-binary-installer indicator — packages like @icp-sdk/ic-wasm that pre-bundle a platform binary inside the npm tarball and chmod +x it during postinstall are now classified under a dedicated bundled-binary-installer indicator (emitting the activates-bundled-binary signal), distinct from binary-downloader which is reserved for packages that fetch a binary from the network. Both indicators may fire together when a package both downloads and makes a binary executable. The makes-executable signal is the discriminator: a telemetry POST or JSON config download never needs to flip the execute bit.
  • binary-downloader is now strictly network-only — the makes-executable trigger has been removed from binary-downloader. It fires solely on command patterns (install-binary, download-binary, etc.) or the binary-download content signal (network fetch patterns detected in the install script).
  • source-downloader label corrected — renamed from "External source or binary downloader" to "Lifecycle script URL fetch" with an explicit low-confidence caveat. URL presence in lifecycle code does not by itself confirm a binary or source download; it may be a telemetry endpoint, CDN for config, or docs reference.
  • New obfuscated-install-script virtual indicator — triggered by the obfuscation-pattern signal. Packages whose install scripts contain obfuscated code patterns (eval+atob, jsfuck, etc.) are now surfaced as a distinct, named risk category rather than appearing as uncategorized build packages.
  • New dynamic-require-loader virtual indicator — triggered by the dynamic-require signal. Packages whose install scripts resolve require() calls at runtime from computed values are now classified separately, flagging a pattern that evades static analysis of the import graph.
  • hasBuildHint updated — the zero-I/O hint check returns true when makes-executable, obfuscation-pattern, or dynamic-require signals are among the signals on an already-scanned file, ensuring the full indicator scan is invoked for these packages.

Files changed

  • lib/utils/script-risk-scanner.js (new) — static file walker and signal detector for lifecycle script files
  • lib/utils/review-report-formatter.js (new) — Markdown and JSON report renderer
  • lib/utils/dep-path-walker.js (new) — arborist graph walker that computes all dependency paths from root to a node
  • lib/utils/gyp-scanner.js (new) — binding.gyp parser extracting native build targets and sources
  • lib/utils/script-change-classifier.js (new) — classifies whether a package's scripts changed relative to a previously approved version
  • lib/utils/indicator-definitions.js — new bundled-binary-installer indicator with activates-bundled-binary signal; new obfuscated-install-script virtual indicator (triggered by obfuscation-pattern signal); new dynamic-require-loader virtual indicator (triggered by dynamic-require signal); binary-downloader restricted to network-fetch detection only; source-downloader label corrected
  • lib/utils/indicator-scanner.jsdetectClues and hasBuildHint updated to handle makes-executable, obfuscation-pattern, and dynamic-require trigger signals
  • scripts/build-indicator-suggestions.js — trigger-flag serialisation list updated to include triggeredByObfuscationPatternSignal and triggeredByDynamicRequireSignal
  • scripts/generate-allow-scripts-report.js (new) — standalone report generator script
  • lib/utils/allow-scripts-cmd.js — wires the new utilities into the approve-scripts command; adds --allow-scripts-report-format param; adds runReviewReport()
  • workspaces/arborist/lib/unreviewed-scripts.js — fix inBundleinDepBundle to close bundleDependencies evasion
  • .github/workflows/allow-scripts-demo.yml (new) — CI demo workflow that generates and posts a report on PRs
  • smoke-tests/ — new fixture, smoke test, and CA cert forwarding fix
  • test/ — unit tests for all five new utility modules, new indicator trigger tests, and updates to existing command tests
  • docs/ — updated command docs and new RFC implementation plan document
  • workspaces/config/lib/definitions/definitions.js — new allow-scripts-report-format config definition
Copilot AI changed the title feat: implement RFC #897 — structured review reports for npm approve-scripts Jun 13, 2026
Copilot AI requested a review from vbjay June 13, 2026 17:36
Copilot finished work on behalf of vbjay June 13, 2026 17:36
Copilot finished work on behalf of vbjay June 13, 2026 17:43
@vbjay

vbjay commented Jun 13, 2026

Copy link
Copy Markdown
Owner

@copilot parseCommandFile is silently incomplete for shell pipelines. "node install.js && node patch.js" only finds install.js. Since lifecycle scripts often chain commands, this could silently miss referenced files. Consider adding a signals: ['multi-command-script'] hint so reviewers know the scan is partial. If multiple commands then check each command and build distinct list from all commands the file references and such.

SIGNAL_PATTERNS for uses-child-process only detects require('child_process') — not ESM import { exec } from 'child_process'. The import regex (LOCAL_IMPORT_FROM_RE) only handles relative paths, so bare import { exec } from 'child_process' goes undetected. This is a gap given the feature's security focus.

dep-path-walker.js accesses arborist internals directly (node.edgesIn, node.package, node.isProjectRoot, etc.). These aren't part of a stable public API. Not a blocker, try to reimplement with known public apis but if you can't then add a comment saying so.
scanPackageScripts could call getInstallScripts(node) instead of accepting raw scripts — the caller in allow-scripts-cmd.js passes the scripts already from checkAllowScripts. This is actually fine as-is since it avoids a second disk read, but the fact that install-scripts.js also synthesizes node-gyp rebuild (which scanPackageScripts would handle via the native-build signal pattern anyway) means both paths converge correctly.

resolveLocalRef doesn't read package.json#main — e.g., require('./lib') where lib/package.json has "main": "build/index.js" won't be followed. Fix this.

Copilot finished work on behalf of vbjay June 13, 2026 17:56
Copilot AI changed the title feat(approve-scripts): RFC #897 — structured review reports for pending lifecycle scripts Jun 13, 2026
Copilot finished work on behalf of vbjay June 13, 2026 18:06
Copilot finished work on behalf of vbjay June 13, 2026 18:10
Copilot AI changed the title fix(script-risk-scanner): pipeline scanning, ESM child_process detection, package.json#main resolution Jun 13, 2026
Copilot finished work on behalf of vbjay June 13, 2026 18:28
Copilot AI changed the title Add JSFuck detector, inline command scanner, and git committish length validation Jun 13, 2026
Copilot finished work on behalf of vbjay June 13, 2026 18:37
Copilot AI changed the title fix(script-risk-scanner): scan node --require/-r and --import preload files in lifecycle scripts Jun 13, 2026
Copilot finished work on behalf of vbjay June 13, 2026 18:45
Copilot AI changed the title fix(script-risk-scanner): close 8 bypass gaps that let lifecycle scripts hide Jun 13, 2026
Copilot finished work on behalf of vbjay June 13, 2026 18:58
vbjay and others added 12 commits June 25, 2026 18:59
Replace 5-concurrent-worker pool (effectively ~33 req/s) with a simple
serial loop with 500ms between each scoped request (~2 req/s).
api.npmjs.org rate-limits individual scoped lookups more aggressively
than the bulk non-scoped batch endpoint.

645 stale scoped packages at 500ms/each = ~5 min, acceptable tradeoff
vs repeated 30s 429 backoffs which take much longer total.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
When a candidate is added with a weekly download count from search
results, set downloadsFetchedAt to now so the Downloads drain doesn't
immediately re-classify it as stale (null timestamp → epoch → age
always exceeds 7-day TTL).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
When a newer version is added alongside an existing entry, compare their
lifecycle scripts and emit a unified-diff-style block:

  -- pkg@1.2.0
  ++ pkg@1.3.0
  - install: node install.js
  + install: node install.js --fetch-binary
    postinstall: node verify.js (unchanged — shown as context)

Hooks are ordered by lifecycle execution order (LIFECYCLE_HOOKS array) so
preinstall always precedes install. Each hook is matched by name so a
changed script shows as a -/+ pair, not a spurious remove + add. Returns
null (no output) when scripts are identical.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Several comments said 'bare requires' only. Updated all of them to be
explicit that findBareRefs() matches three forms:
  - require('pkg')           (CJS)
  - import ... from 'pkg'    (ESM static)
  - import('pkg')            (ESM dynamic)

No code changes — comment-only update.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…fill --top quota

Previously, if version-recheck candidates in the pre-search drain
satisfied newThisRun >= topN, done=true was set before the search loop
and no registry search pages were ever fetched that run.

Fix: introduce hasSearched (starts false when topN > 0 and not resuming)
and change the outer while condition to:

  while (!done || !hasSearched)

hasSearched is set at the top of the loop body.  The inner for-loop
similarly allows one query through even when done=true via:

  !done || !passQueried

This ensures at least one query and one search page fires per run
regardless of how many version upgrades were processed.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…nal reverify

Phase 1 (initial full fetch — always):
  Walk every manifest. Fetch missing/stale caches and collect cross-package
  require()/import deps as new candidates. Verifies all pre-existing packages.

Phase 2 (targeted BFS — only when new deps found):
  Drain discovered candidates into manifests, then deep-fetch only those new
  arrivals (caches all missing). Repeat until stable. The original ~7000
  already-verified packages are NOT re-walked each BFS round.

Phase 3 (final reverification — only when phase 2 ran):
  One more full fetch confirming the complete set (old + new) is cached before
  the scan. Skipped when phase 1 discovered nothing — it already verified all.

Common case: 1 full pass + DeepScan. Discovery case: 1 full + k targeted + 1 reverify.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Add DEFAULT_ADD_PACKAGES constant in build-indicator-suggestions.js:
  9router, cross-env, cross-spawn, shelljs,
  gulp/grunt/jake/nps/wireit/taskr/nake (task runners),
  esbuild/rollup/vite/webpack/parcel/tsup/unbuild (bundlers),
  brunch/broccoli/fuse-box/snowpack (older bundlers),
  nx/turborepo/lerna (monorepo tools)

These are injected as candidates on every run (skipped if already in
store).  User --add names are merged on top, deduped.

Add 'platform-specific-script' signal to SIGNAL_PATTERNS:
  Fires when install-time code branches on the host OS via:
    process.platform, os.platform(), os.type(), uname, %OS%,
    cross-env, if-env, per-env
  Packages that behave differently per-OS warrant closer review.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
… downloaders

Added 15 packages confirmed via live npm registry data (June 2026) to
have lifecycle scripts that fetch binaries or compile native code:

  @swc/core       36.8M/wk  postinstall — NAPI binding selector
  @parcel/watcher 28.8M/wk  install     — prebuilt || build from source
  @sentry/cli     19.4M/wk  postinstall — GitHub Releases CLI binary
  prisma          13.6M/wk  preinstall  — version compat check
  puppeteer       11.0M/wk  postinstall — Chromium download (~170MB)
  better-sqlite3   7.7M/wk  install     — prebuild-install || node-gyp
  canvas           7.2M/wk  install     — prebuild-install || node-gyp
  cypress          7.1M/wk  postinstall — test runner binary download
  bcrypt           5.5M/wk  install     — node-gyp-build
  electron         4.7M/wk  install     — full Electron binary (~150MB)
  lefthook         2.6M/wk  postinstall — GitHub Releases binary
  sqlite3          2.4M/wk  install     — prebuild-install || node-gyp
  ffmpeg-static    1.2M/wk  install     — ffmpeg/ffprobe static binary
  node-sass        934K/wk  install+post — libsass (deprecated, still used)
  @tensorflow/tfjs-node 113K/wk install — TF C binary via node-pre-gyp

Also adds inline download-count comments to all binary downloader entries
so the list self-documents why each package is included.

Research note: no public aggregate site lists packages by lifecycle script.
Socket.dev /category/install-scripts returns 404. The npm CouchDB stream
(which this tool already uses) is the best available programmatic source.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…known high-download packages

npm's registry search API requires a non-empty text parameter; there is no
pure popularity-ranking endpoint. Remove the 'popularity:top' sentinel (which
produced HTTP 400 errors) and rely instead on DEFAULT_ADD_PACKAGES — a curated
seed list of ~33 known high-download packages with lifecycle/binary-download
scripts (esbuild, @swc/core, cypress, node-gyp, etc.) — to ensure they are
always evaluated even if keyword-based searches never surface them.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…ty hash

Both the packages/resume cache and the final output file are now written as:
  { "hash": "sha256:<hex>", "data": { ...payload... } }

Hash is computed over JSON.stringify(data) prefixed with a type-scoped seed:
  CACHE_HASH_SEED  = "npm-build-pkg-cache-v1"
  OUTPUT_HASH_SEED = "npm-build-output-v1"

Using a type-scoped seed detects file-type swaps (e.g. cache copied over output).
loadPackageCache() recomputes on read and discards on mismatch rather than
silently loading corrupt or tampered data. Legacy unwrapped files (no hash
field) are still accepted so existing caches migrate gracefully on next write.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Add META_HASH_SEED = "npm-build-deep-meta-v1" and wrap all three .meta.json
write sites (fetch, scan, resolvedFollows patch) with wrapWithHash().
All three read sites are updated to unwrap and verify before use; a mismatch
or missing data discards the entry so the package is re-fetched/re-scanned.
Legacy unwrapped .meta.json files are still accepted for a graceful migration.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@github-actions

Copy link
Copy Markdown

✅ PASS — approve-scripts smoke report

All packages with lifecycle scripts are correctly identified as pending approval.

Package Type Status Top risks
@mongodb-js/zstd@7.0.0 direct ⏳ pending lifecycle script compiles a native binary (.node addon), GYP build has platform-specific conditions - review each branch
@playwright/browser-chromium@1.60.0 direct ⏳ pending downloads a prebuilt binary at install time (supply-chain risk - verify source and integrity)
@playwright/browser-firefox@1.60.0 direct ⏳ pending downloads a prebuilt binary at install time (supply-chain risk - verify source and integrity)
@playwright/browser-webkit@1.60.0 direct ⏳ pending downloads a prebuilt binary at install time (supply-chain risk - verify source and integrity)
better-sqlite3@12.11.1 transitive ⏳ pending lifecycle script compiles a native binary (.node addon), GYP build has platform-specific conditions - review each branch
esbuild@0.28.1 transitive ⏳ pending uses child_process (can spawn external commands), makes network requests, contains dense hex-escape sequences (obfuscation indicator)
kerberos@7.0.0 direct ⏳ pending lifecycle script compiles a native binary (.node addon), GYP build has platform-specific conditions - review each branch
nx@22.7.5 transitive ⏳ pending may write outside the package directory, uses child_process (can spawn external commands), runs npm/yarn/pnpm install as a child process at install time (second-stage install — may pull arbitrary packages with scripts enabled)
puppeteer@24.36.1 direct ⏳ pending downloads a prebuilt binary at install time (supply-chain risk - verify source and integrity), runs npm/yarn/pnpm install as a child process at install time (second-stage install — may pull arbitrary packages with scripts enabled)
sqlite3@6.0.1 direct ⏳ pending lifecycle script compiles a native binary (.node addon), GYP build has platform-specific conditions - review each branch
unrs-resolver@1.12.2 transitive ⏳ pending downloads a prebuilt binary at install time (supply-chain risk - verify source and integrity)
📦 Download full reports (zip)
@github-actions

Copy link
Copy Markdown

✅ SUCCESS — indicator-suggestions deep scan

Command: node scripts/build-indicator-suggestions.js --add 9router --top 100 --deep

Full scan output (stdout + stderr)

��� npm indicator-suggestions builder
   out:      /home/runner/work/npm-cli/npm-cli/indicator-suggestions.json
   packages: /home/runner/work/npm-cli/npm-cli/indicator-suggestions.packages.json (permanent store)
   resume:   /home/runner/work/npm-cli/npm-cli/indicator-suggestions.tmp.json  (deleted on success)
   deep:     /home/runner/work/npm-cli/npm-cli/indicator-suggestions.deep  (indicator files cached by name@version)
             with: /home/runner/work/npm-cli/npm-cli/lib/utils/indicator-scanner.js

Loading package data...
  (no existing data — fresh run, targeting 100 packages)

  query order: addon, native, cli, wasm, npm, node, javascript, build, react-native, android, rust
Steps 1–3/5: Scanning popular packages for lifecycle scripts...
  (target: 100 more packages with lifecycle scripts)
  (skipping 0 already-scanned names)
  (first run — recorded changes seq 116,673,543; next run will filter)

  + injected candidate: 9router
  + injected candidate: @swc/core
  ? probing alternate form: core
  + injected candidate: core  (alternate form of '@swc/core')
  + injected candidate: @parcel/watcher
  ? probing alternate form: watcher
  + injected candidate: watcher  (alternate form of '@parcel/watcher')
  + injected candidate: @sentry/cli
  ? probing alternate form: cli
  + injected candidate: cli  (alternate form of '@sentry/cli')
  + injected candidate: prisma
  + injected candidate: puppeteer
  + injected candidate: better-sqlite3
  + injected candidate: canvas
  + injected candidate: cypress
  + injected candidate: bcrypt
  + injected candidate: electron
  + injected candidate: lefthook
  + injected candidate: sqlite3
  + injected candidate: ffmpeg-static
  + injected candidate: node-sass
  + injected candidate: @tensorflow/tfjs-node
  ? probing alternate form: tfjs-node
  + injected candidate: tfjs-node  (alternate form of '@tensorflow/tfjs-node')
  + injected candidate: cross-env
  + injected candidate: cross-spawn
  + injected candidate: shelljs
  + injected candidate: gulp
  + injected candidate: gulp-cli
  + injected candidate: grunt
  + injected candidate: grunt-cli
  + injected candidate: jake
  + injected candidate: just-task
  + injected candidate: nps
  + injected candidate: wireit
  + injected candidate: taskr
  + injected candidate: nake
  + injected candidate: esbuild
  + injected candidate: rollup
  + injected candidate: vite
  + injected candidate: webpack
  + injected candidate: parcel
  + injected candidate: tsup
  + injected candidate: unbuild
  + injected candidate: brunch
  + injected candidate: broccoli
  + injected candidate: fuse-box
  + injected candidate: snowpack
  + injected candidate: nx
  + injected candidate: turborepo
  + injected candidate: lerna

Step 3.25/5: Processing 47 candidates...

  Candidates: fetching 47...
    [47/47] checked, 21 new, 0 version updates
    ✓ +21 of 47 candidates (21 in store, 44.7% hit rate)
    checkpoint saved — ready to refill

  query: keywords:addon
    fetching offset=0...
    p1 offset=0 fetch=195ms | +250 new names, 0 seen-skips | 250 candidates, 21 in store
    saving checkpoint...
                       
    fetching offset=250...
    p2 offset=250 fetch=341ms | +250 new names, 0 seen-skips | 500 candidates, 21 in store
    saving checkpoint...
                       
  Candidates: fetching 500...
    [50/500] checked, 12 new, 0 version updates
    [100/500] checked, 28 new, 0 version updates
    [150/500] checked, 46 new, 0 version updates
    [200/500] checked, 61 new, 0 version updates
    [250/500] checked, 73 new, 0 version updates
    [300/500] checked, 85 new, 0 version updates
    [350/500] checked, 95 new, 0 version updates
    [400/500] checked, 113 new, 0 version updates
    [450/500] checked, 131 new, 0 version updates
    [500/500] checked, 148 new, 0 version updates
    [500/500] checked, 148 new, 0 version updates
    ✓ +148 of 500 candidates (169 in store, 29.6% hit rate)
    checkpoint saved — ready to refill
  checkpoint: 169 packages, 547 seen — saved

  ✓ search complete: 500 names examined this run (547 unique in seen-set)

Step 3.5/4: Expanding scoped packages with unscoped peers...
  checking 49 bare names...
  49 of 49 peers exist — added to candidates

  Candidates: fetching 49...
    [49/49] checked, 4 new, 0 version updates
    ✓ +4 of 49 candidates (173 in store, 8.2% hit rate)
    checkpoint saved — ready to refill
Step 4/5: Deep scanning packages via unpkg...
  ├─ pass 1 (initial full fetch): all 173 packages...

  DeepFetch (reverify): 173 packages (173 new)...
    scanning 9router@0.5.8...
    scanning @swc/core@1.15.43...
    scanning @parcel/watcher@2.5.6...
    scanning prisma@7.8.0...
    scanning @sentry/cli@3.5.1...
    scanning puppeteer@25.2.1...
    scanning better-sqlite3@12.11.1...
    scanning cypress@15.18.0...
    scanning lefthook@2.1.9...
  ↩️  HTTP 302 → https://unpkg.com/@swc/core-android-arm-eabi@1.3.11/package.json
  ↩️  HTTP 302 → https://unpkg.com/@swc/core-android-arm64@1.3.11/package.json
    scanning canvas@3.2.3...
  ↩️  HTTP 302 → https://unpkg.com/@swc/core-freebsd-x64@1.3.11/package.json
  ↩️  HTTP 302 → https://unpkg.com/puppeteer@25.2.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/@cypress/xvfb@1.2.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/bluebird@3.7.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/common-tags@1.8.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/debug@4.4.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/chalk@4.1.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/arch@2.2.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/lodash@4.18.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/ospath@1.2.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/ci-info@4.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/log-symbols@4.1.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/systeminformation@5.31.11/package.json
  ↩️  HTTP 302 → https://unpkg.com/cachedir@2.4.0/package.json
    scanning bcrypt@6.0.0...
  ↩️  HTTP 302 → https://unpkg.com/supports-color@8.1.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/is-installed-globally@0.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/fs-extra@9.1.0/package.json
    scanning sqlite3@6.0.1...
  ↩️  HTTP 302 → https://unpkg.com/untildify@4.0.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/executable@4.1.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/commander@6.2.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/dayjs@1.11.21/package.json
  ↩️  HTTP 302 → https://unpkg.com/@cypress/request@4.0.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/request-progress@3.0.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/listr2@9.0.5/package.json
  ↩️  HTTP 302 → https://unpkg.com/yauzl@3.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/tmp@0.2.7/package.json
  ↩️  HTTP 302 → https://unpkg.com/pretty-bytes@5.6.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/cypress@15.18.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/minimist@1.2.8/package.json
      + discovered @cypress/xvfb@1.2.4
      + discovered bluebird@3.7.2
      + discovered common-tags@1.8.2
      + discovered debug@4.4.3
      + discovered chalk@4.1.2
      + discovered lodash@4.18.1
      + discovered arch@2.2.0
      + discovered hasha@5.2.2
      + discovered execa@4.1.0
      + discovered ospath@1.2.2
      + discovered ci-info@4.4.0
      + discovered log-symbols@4.1.0
      + discovered cachedir@2.4.0
      + discovered systeminformation@5.31.11
      + discovered supports-color@8.1.1
      + discovered is-installed-globally@0.4.0
      + discovered fs-extra@9.1.0
      + discovered cli-table3@0.6.1
      + discovered executable@4.1.1
      + discovered untildify@4.0.0
      + discovered commander@6.2.1
      + discovered dayjs@1.11.21
      + discovered @cypress/request@4.0.1
      + discovered request-progress@3.0.0
      + discovered proxy-from-env@1.0.0
      + discovered listr2@9.0.5
      + discovered tree-kill@1.2.2
      + discovered yauzl@3.4.0
      + discovered tmp@0.2.7
      + discovered pretty-bytes@5.6.0
      + discovered minimist@1.2.8
    scanning ffmpeg-static@5.3.0...
    scanning node-sass@9.0.0...
    scanning @tensorflow/tfjs-node@4.22.0...
      + discovered @swc/core-win32-x64-msvc@1.15.43
      + discovered @swc/core-win32-ia32-msvc@1.15.43
      + discovered @swc/core-android-arm64@1.3.11
      + discovered @swc/core-android-arm-eabi@1.3.11
      + discovered @swc/core-darwin-arm64@1.15.43
      + discovered @swc/core-freebsd-x64@1.3.11
      + discovered @swc/core-linux-x64-gnu@1.15.43
      + discovered @swc/core-linux-arm64-musl@1.15.43
      + discovered @swc/core-linux-arm64-gnu@1.15.43
      + discovered @swc/core-linux-arm-gnueabihf@1.15.43
      + discovered @swc/core-linux-ppc64-gnu@1.15.43
      + discovered @swc/core-linux-s390x-gnu@1.15.43
      + discovered @swc/core-linux-x64-musl@1.15.43
      + discovered @swc/core-darwin-x64@1.15.43
      + discovered @swc/core-win32-arm64-msvc@1.15.43
    scanning wireit@0.14.13...
    scanning esbuild@0.28.1...
    scanning rollup@4.62.2...
  ↩️  HTTP 302 → https://unpkg.com/@derhuerst/http-basic@8.2.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/env-paths@2.2.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/progress@2.0.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/https-proxy-agent@5.0.1/package.json
      + discovered @derhuerst/http-basic@8.2.4
      + discovered env-paths@2.2.1
      + discovered progress@2.0.3
      + discovered https-proxy-agent@5.0.1
  ↩️  HTTP 302 → https://unpkg.com/progress@2.0.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/https-proxy-agent@2.2.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/tar@6.2.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/adm-zip@0.5.17/package.json
  ↩️  HTTP 302 → https://unpkg.com/rimraf@2.7.1/package.json
      + discovered https-proxy-agent@2.2.4
      + discovered adm-zip@0.5.17
      + discovered tar@6.2.1
      + discovered rimraf@2.7.1
  ↩️  HTTP 302 → https://unpkg.com/make-fetch-happen@10.2.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/cross-spawn@7.0.6/package.json
      + discovered make-fetch-happen@10.2.1
      + discovered cross-spawn@7.0.6
    scanning webpack@5.108.0...
    scanning unbuild@3.6.1...
    scanning nx@23.0.1...
    scanning chromatic@17.7.1...
    scanning publish-browser-extension@4.0.5...
    scanning zeromq@6.5.0...
    scanning storybook-addon-deep-controls@0.10.0...
    scanning storycap@5.0.1...
    scanning @storybook/addon-console@3.0.0...
  ↩️  HTTP 301 → https://unpkg.com/nx@23.0.1/dist/bin/post-install.js
    scanning @etchteam/storybook-addon-status@8.1.0...
    scanning @storybook/addon-options@5.3.21...
    scanning @storybook/addon-info@5.3.21...
    scanning storybook-addon-swc@1.2.0...
    scanning storybook-addon-themes@6.1.0...
      + discovered cmake-ts@1.0.2
    scanning @storybook/addon-notes@5.3.21...
    scanning storybook-addon-turbo-build@2.0.1...
  ↩️  HTTP 301 → https://unpkg.com/nx@23.0.1/dist/src/native/index.js
    scanning @focus-reactive/react-yaml@1.1.2...
    scanning @react-theming/storybook-addon@1.1.10...
    scanning @storybook/addon-centered@5.3.21...
    scanning storybook-addon-styled-component-theme@2.0.0...
    scanning @storybook/addon-devkit@1.4.2...
  ↩️  HTTP 301 → https://unpkg.com/nx@23.0.1/dist/src/project-graph/plugins/index.js
    scanning storybook-addon-next@1.8.0...
    scanning @storybook/addon-ondevice-knobs@7.6.20...
    scanning storybook-addon-material-ui@0.9.0-alpha.24...
  ↩️  HTTP 301 → https://unpkg.com/nx@23.0.1/dist/src/executors/run-commands/run-commands.impl.js
  ↩️  HTTP 302 → https://unpkg.com/chalk@3.0.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/npmlog@4.1.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/shelljs@0.8.5/package.json
      + discovered chalk@3.0.0
      + discovered npmlog@4.1.2
      + discovered shelljs@0.8.5
    scanning storybook-multilevel-sort@2.1.0...
    scanning storybook-zeplin@4.0.1...
    scanning storycapture@9.0.0...
    scanning electron-click-drag-plugin@2.0.2...
    scanning @urql/storybook-addon@2.0.1...
  ↩️  HTTP 302 → https://unpkg.com/nx@23.0.1/package.json
    scanning @prantlf/storycap@8.1.1...
    scanning socketcan@4.2.2...
  ↩️  HTTP 302 → https://unpkg.com/typescript@6.0.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/packages@0.0.8/package.json
  ↩️  HTTP 302 → https://unpkg.com/@angular/build@22.0.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/ts-node@10.9.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/@angular-devkit/build-angular@22.0.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/@swc-node/register@1.11.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/target@0.0.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/@nx/key@5.0.8/package.json
  ↩️  HTTP 302 → https://unpkg.com/@nx/devkit@23.0.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/@nx/powerpack-license@5.0.8/package.json
      + discovered tslib@2.8.1
      + discovered lines-and-columns@2.0.3
      + discovered jsonc-parser@3.3.1
      + discovered picocolors@1.1.1
      + discovered @zkochan/js-yaml@0.0.7
      + discovered dotenv@16.4.7
      + discovered axios@1.16.0
      + discovered ora@5.4.1
      + discovered cli-cursor@3.1.0
      + discovered cli-spinners@2.6.1
      + discovered tar-stream@2.2.0
      + discovered figures@3.2.0
      + discovered @napi-rs/wasm-runtime@0.2.4
      + discovered @nx/nx-win32-x64-msvc@23.0.1
      + discovered @nx/nx-win32-arm64-msvc@23.0.1
      + discovered @nx/nx-darwin-x64@23.0.1
      + discovered @nx/nx-darwin-arm64@23.0.1
      + discovered @nx/nx-freebsd-x64@23.0.1
      + discovered @nx/nx-linux-x64-musl@23.0.1
      + discovered @nx/nx-linux-x64-gnu@23.0.1
      + discovered @nx/nx-linux-arm64-musl@23.0.1
      + discovered @nx/nx-linux-arm64-gnu@23.0.1
      + discovered @nx/nx-linux-arm-gnueabihf@23.0.1
      + discovered minimatch@10.2.5
      + discovered dotenv-expand@12.0.3
      + discovered string-width@4.2.3
      + discovered cliui@8.0.1
      + discovered typescript@6.0.3
      + discovered resolve.exports@2.0.3
      + discovered packages@0.0.8
      + discovered flat@5.0.2
      + discovered @angular/build@22.0.4
      + discovered tsconfig-paths@4.2.0
      + discovered @angular-devkit/build-angular@22.0.4
      + discovered @swc-node/register@1.11.1
      + discovered ts-node@10.9.2
      + discovered ignore@7.0.5
      + discovered yaml@2.9.0
      + discovered @nx/devkit@23.0.1
      + discovered semver@7.7.4
      + discovered npm-run-path@4.0.1
      + discovered yargs-parser@21.1.1
      + discovered @nx/key@5.0.8
      + discovered target@0.0.2
      + discovered enquirer@2.3.6
      + discovered @nx/powerpack-license@5.0.8
    scanning zmq@2.15.3...
    scanning @storybook/addon-google-analytics@6.2.9...
    scanning @storybook/addon-events@6.2.9...
    scanning segfault-raub@3.2.0...
    scanning storybook-addon-launchdarkly@5.0.0...
    [50] processed
    scanning storybook-vscode-component@1.0.9...
    scanning storybook-addon-i18n@5.1.13...
    scanning storybook-color-picker@4.0.0...
    scanning @storybook/addon-design-assets@6.2.9...
    scanning smart-whisper@0.8.1...
    scanning node-crc16@2.0.7...
  ↩️  HTTP 301 → https://unpkg.com/segfault-raub@3.2.0/install.js
    scanning storybook-addon-material-ui5@1.0.0...
    scanning @pbutlewski/storybook-html@5.0.2...
    scanning creevey@0.11.4...
  ↩️  HTTP 302 → https://unpkg.com/addon-tools-raub@9.3.0/package.json
      + discovered addon-tools-raub@9.3.0
    scanning @avalane/storybook-addon-status@5.0.1...
    scanning @storybook/addon-graphql@6.2.9...
    scanning @julusian/segfault-raub@2.3.3...
    scanning nanomsg@4.2.1...
    scanning @pshenmic/zeromq@6.0.0-beta.22...
    scanning kythia-core@26.1.1...
    scanning @storybook/addon-parameter@6.2.9...
    scanning @focus-reactive/storybook-graphql-kit@1.0.2...
    scanning @focus-reactive/storybook-addon-graphcms@1.3.0...
    scanning @carbon/storybook-addon-theme@2.27.0...
    scanning @storybook/addon-roundtrip@6.2.9...
    scanning @addon-core/browser@0.6.0...
    scanning storybook-addon-jsdoc-to-mdx@1.2.0...
    scanning @storybook/addon-decorator@6.2.9...
    scanning @addon-core/storage@0.6.0...
    scanning memoryjs@3.5.1...
    scanning native-hello-world@2.0.0...
    scanning @lordofdestiny/mynumber@1.5.4...
    scanning @mcesystems/zeromq@6.0.0-beta.6...
    scanning adnbn@0.7.0...
    scanning xterm-link-provider@2.0.0...
    scanning @ktamas77/abletonlink@1.2.3...
    scanning @storybook/addon-preview-wrapper@6.2.9...
    scanning node_or_tools@1.3.0...
    scanning process-audio-capture@1.0.14...
    scanning @jamiephan/casclib@0.1.0...
    scanning @component-controls/storybook@3.15.0...
  ↩️  HTTP 302 → https://unpkg.com/semver@7.8.5/package.json
      + discovered semver@7.8.5
    scanning @amigo9090/ih-libiec61850-node@1.0.73...
    scanning @jamiephan/stormlib@0.1.0...
    scanning qminer@9.4.0...
    scanning @etchteam/storybook-addon-marker@7.0.0...
    scanning gst-kit@0.2.8...
    scanning wsjtx-lib@2.1.3...
    scanning @kastov/node-supervisord@2.0.4...
    scanning storybook-addon-react-live-edit@2.0.4...
    scanning @component-controls/axe-plugin@4.0.3...
    scanning @addon-core/inject-script@0.3.1...
    scanning simplified-mojang-api@0.0.49...
    scanning spawnpack@0.1.8...
    scanning @wealthfolio/addon-sdk@3.5.1...
    scanning @hitrading/ctp-node@2.0.0...
    [100] processed
    scanning sbffi@1.0.4...
    scanning rebory@0.2.10...
    scanning @component-controls/viewport-plugin@4.0.3...
    scanning netlinkwrapper@2.0.2...
    scanning civetkern@0.3.6...
    scanning sharedpubsub@2.0.1...
    scanning node-luajit@3.0.0...
    scanning @component-controls/jest-snapshots@3.4.5...
    scanning storybook-addon-emotion-theme@2.1.1...
    scanning @component-controls/addon-stats@4.0.3...
    scanning node-native-win-utils@2.2.3...
    scanning storybook-addon-scratchpad@0.1.2...
    scanning node-rar@0.0.2...
    scanning @linuxcnc-node/hal@2.2.2...
    scanning filesystem-utilities@7.5.0...
    scanning @bedrock-core/cli@0.8.2...
    scanning @procore/storybook-addon@5.0.0...
    scanning smart-whisper-electron@0.8.2...
    scanning @nodots/gnubg-hints@1.0.4...
    scanning pwuid@2.0.0...
    scanning rapidx2j@0.8.0...
    scanning k2hash@2.0.6...
    scanning extension-fs@7.1.0...
    scanning deps-opengl-raub@7.2.0...
    scanning node-gyp-hw@1.1.21...
    scanning @paymoapp/real-idle@1.1.2...
    scanning @linuxcnc-node/gcode@2.2.2...
    scanning @etchteam/storybook-addon-github-link@2.0.0...
  ↩️  HTTP 301 → https://unpkg.com/deps-opengl-raub@7.2.0/install.js
    scanning @vlad-fresha/segfault-raub@2.10.0...
  ↩️  HTTP 302 → https://unpkg.com/addon-tools-raub@9.3.0/package.json
    scanning zip-node-addon@0.0.11...
    scanning xdhqznd@2018.4.14...
    scanning sbffi2@1.0.5...
    scanning @component-controls/storybook-custom-docs@3.14.6...
    scanning k2hdkc@2.0.4...
    scanning glfw-raub@6.4.0...
    scanning webgl-raub@5.3.0...
    scanning mysql-libmysqlclient@1.6.0...
    scanning npool@1.4.7...
  ↩️  HTTP 301 → https://unpkg.com/glfw-raub@6.4.0/install.js
  ↩️  HTTP 301 → https://unpkg.com/webgl-raub@5.3.0/install.js
  ↩️  HTTP 302 → https://unpkg.com/addon-tools-raub@9.3.0/package.json
    scanning node-supervisord@1.0.6-rc.2...
    scanning @ably/zeromq@6.0.0-beta.ably.3...
    scanning @aminya/zeromq@5.2.16...
    scanning shield-studies-addon-utils@6.0.0...
    scanning @alibaba-aero/storybook-addon-docs@6.2.0-alpha.0...
    scanning cypher-parser@0.1.14...
  ↩️  HTTP 302 → https://unpkg.com/addon-tools-raub@9.3.0/package.json
    scanning macos-haptic@1.0.0...
    scanning storybook-addon-multi-theme@0.0.9...
    scanning @tianwei_wu/node-addon-napi-demo@1.0.5...
    scanning @nodots-llc/gnubg-hints@4.6.2...
    scanning not-albertsgrc@1.5.0...
    scanning lighthouse-unit-converter@1.0.9...
    [150] processed
    scanning chmpx@2.0.4...
    scanning libmill@0.4.0...
    scanning deps-labsound-raub@6.0.0...
    scanning iojs-nanomsg@1.1.11...
    scanning storybook-addon-knobs-color-options@6.2.0-rc.2...
    scanning deps-freeimage-raub@6.2.0...
    scanning node-rcheevos@1.0.2...
  ↩️  HTTP 301 → https://unpkg.com/deps-labsound-raub@6.0.0/install.js
    scanning deps-bullet-raub@4.0.0...
    scanning puerts@0.3.1...
    scanning occt-gltf-addon@0.1.15...
  ↩️  HTTP 301 → https://unpkg.com/deps-freeimage-raub@6.2.0/install.js
  ↩️  HTTP 302 → https://unpkg.com/addon-tools-raub@9.3.0/package.json
    scanning ih-lib60870-node@1.0.75...
    scanning screencapturekit-audio-capture@1.3.6...
  ↩️  HTTP 301 → https://unpkg.com/deps-bullet-raub@4.0.0/install.js
  ↩️  HTTP 302 → https://unpkg.com/addon-tools-raub@9.3.0/package.json
    scanning phash-image@3.5.0...
    scanning bmad-method-odoo@1.1.7...
  ↩️  HTTP 302 → https://unpkg.com/addon-tools-raub@9.3.0/package.json
    scanning iswasmfast@0.0.13...
    scanning storybook-html@4.1.3-beta.1...
    scanning abletonlink@0.2.0-beta.0...
    scanning casclib@1.0.4...
  ↩️  HTTP 302 → https://unpkg.com/tar@7.5.17/package.json
      + discovered tar@7.5.17
    scanning stormlib@0.0.3...
  ↩️  HTTP 302 → https://unpkg.com/fs-extra@11.3.5/package.json
  ↩️  HTTP 302 → https://unpkg.com/chalk@4.1.2/package.json
      + discovered fs-extra@11.3.5
  ↩️  HTTP 302 → https://unpkg.com/npmlog@4.1.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/shelljs@0.8.5/package.json
  ↩️  HTTP 302 → https://unpkg.com/chalk@2.4.2/package.json
      + discovered chalk@2.4.2
    ✓ 173 packages processed, 111 new candidates queued
    checkpoint saved

  ├─ draining 111 discovered packages...

  Candidates: fetching 111...
    [50/111] checked, 2 new, 0 version updates
    [100/111] checked, 7 new, 0 version updates
    [111/111] checked, 9 new, 0 version updates
    ✓ +9 of 111 candidates (182 in store, 8.1% hit rate)
    checkpoint saved — ready to refill
  ├─ pass 2 (discovered only): none queued yet...

  DeepFetch (discovery): 182 packages (182 cache invalidated — re-fetching)...
    scanning 9router@0.5.8...
    scanning @swc/core@1.15.43...
    scanning @parcel/watcher@2.5.6...
    scanning prisma@7.8.0...
    scanning @sentry/cli@3.5.1...
    scanning puppeteer@25.2.1...
    scanning better-sqlite3@12.11.1...
    scanning cypress@15.18.0...
    scanning lefthook@2.1.9...
  ↩️  HTTP 302 → https://unpkg.com/@swc/core-android-arm64@1.3.11/package.json
  ↩️  HTTP 302 → https://unpkg.com/@swc/core-android-arm-eabi@1.3.11/package.json
  ↩️  HTTP 302 → https://unpkg.com/@swc/core-freebsd-x64@1.3.11/package.json
    scanning canvas@3.2.3...
  ↩️  HTTP 302 → https://unpkg.com/puppeteer@25.2.1/package.json
    scanning bcrypt@6.0.0...
    scanning sqlite3@6.0.1...
    scanning ffmpeg-static@5.3.0...
  ↩️  HTTP 302 → https://unpkg.com/common-tags@1.8.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/commander@6.2.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/lodash@4.18.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/log-symbols@4.1.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/debug@4.4.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/fs-extra@9.1.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/chalk@4.1.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/dayjs@1.11.21/package.json
  ↩️  HTTP 302 → https://unpkg.com/bluebird@3.7.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/@cypress/request@4.0.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/listr2@9.0.5/package.json
  ↩️  HTTP 302 → https://unpkg.com/request-progress@3.0.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/yauzl@3.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/pretty-bytes@5.6.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/@cypress/xvfb@1.2.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/arch@2.2.0/package.json
    scanning node-sass@9.0.0...
    scanning @tensorflow/tfjs-node@4.22.0...
  ↩️  HTTP 302 → https://unpkg.com/ospath@1.2.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/ci-info@4.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/cachedir@2.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/executable@4.1.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/supports-color@8.1.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/is-installed-globally@0.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/systeminformation@5.31.11/package.json
  ↩️  HTTP 302 → https://unpkg.com/untildify@4.0.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/tmp@0.2.7/package.json
  ↩️  HTTP 302 → https://unpkg.com/cypress@15.18.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/minimist@1.2.8/package.json
    scanning wireit@0.14.13...
    scanning esbuild@0.28.1...
    scanning rollup@4.62.2...
  ↩️  HTTP 302 → https://unpkg.com/env-paths@2.2.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/progress@2.0.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/https-proxy-agent@5.0.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/@derhuerst/http-basic@8.2.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/https-proxy-agent@2.2.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/progress@2.0.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/tar@6.2.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/adm-zip@0.5.17/package.json
    scanning webpack@5.108.0...
  ↩️  HTTP 302 → https://unpkg.com/make-fetch-happen@10.2.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/rimraf@2.7.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/cross-spawn@7.0.6/package.json
    scanning unbuild@3.6.1...
    scanning nx@23.0.1...
    scanning chromatic@17.7.1...
    scanning publish-browser-extension@4.0.5...
    scanning zeromq@6.5.0...
    scanning storybook-addon-deep-controls@0.10.0...
    scanning storycap@5.0.1...
    scanning @storybook/addon-console@3.0.0...
  ↩️  HTTP 301 → https://unpkg.com/nx@23.0.1/dist/bin/post-install.js
    scanning @etchteam/storybook-addon-status@8.1.0...
    scanning @storybook/addon-options@5.3.21...
    scanning @storybook/addon-info@5.3.21...
    scanning storybook-addon-swc@1.2.0...
    scanning storybook-addon-themes@6.1.0...
    scanning @storybook/addon-notes@5.3.21...
    scanning storybook-addon-turbo-build@2.0.1...
    scanning @focus-reactive/react-yaml@1.1.2...
  ↩️  HTTP 301 → https://unpkg.com/nx@23.0.1/dist/src/native/index.js
    scanning @react-theming/storybook-addon@1.1.10...
    scanning @storybook/addon-centered@5.3.21...
    scanning storybook-addon-styled-component-theme@2.0.0...
    scanning @storybook/addon-devkit@1.4.2...
    scanning storybook-addon-next@1.8.0...
    scanning @storybook/addon-ondevice-knobs@7.6.20...
  ↩️  HTTP 301 → https://unpkg.com/nx@23.0.1/dist/src/project-graph/plugins/index.js
  ↩️  HTTP 302 → https://unpkg.com/shelljs@0.8.5/package.json
  ↩️  HTTP 302 → https://unpkg.com/chalk@3.0.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/npmlog@4.1.2/package.json
    scanning storybook-addon-material-ui@0.9.0-alpha.24...
    scanning storybook-multilevel-sort@2.1.0...
  ↩️  HTTP 301 → https://unpkg.com/nx@23.0.1/dist/src/executors/run-commands/run-commands.impl.js
    scanning storybook-zeplin@4.0.1...
    scanning storycapture@9.0.0...
    scanning electron-click-drag-plugin@2.0.2...
    scanning @urql/storybook-addon@2.0.1...
    scanning @prantlf/storycap@8.1.1...
    scanning socketcan@4.2.2...
    scanning zmq@2.15.3...
  ↩️  HTTP 302 → https://unpkg.com/nx@23.0.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/packages@0.0.8/package.json
  ↩️  HTTP 302 → https://unpkg.com/@angular/build@22.0.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/@swc-node/register@1.11.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/@angular-devkit/build-angular@22.0.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/ts-node@10.9.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/target@0.0.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/@nx/devkit@23.0.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/@nx/key@5.0.8/package.json
  ↩️  HTTP 302 → https://unpkg.com/@nx/powerpack-license@5.0.8/package.json
  ↩️  HTTP 302 → https://unpkg.com/typescript@6.0.3/package.json
    scanning @storybook/addon-google-analytics@6.2.9...
    scanning @storybook/addon-events@6.2.9...
    scanning segfault-raub@3.2.0...
    scanning storybook-addon-launchdarkly@5.0.0...
    [50] processed
    scanning storybook-vscode-component@1.0.9...
    scanning storybook-addon-i18n@5.1.13...
    scanning storybook-color-picker@4.0.0...
    scanning @storybook/addon-design-assets@6.2.9...
  ↩️  HTTP 301 → https://unpkg.com/segfault-raub@3.2.0/install.js
    scanning smart-whisper@0.8.1...
    scanning node-crc16@2.0.7...
    scanning storybook-addon-material-ui5@1.0.0...
  ↩️  HTTP 302 → https://unpkg.com/addon-tools-raub@9.3.0/package.json
    scanning @pbutlewski/storybook-html@5.0.2...
    scanning creevey@0.11.4...
    scanning @avalane/storybook-addon-status@5.0.1...
    scanning @storybook/addon-graphql@6.2.9...
    scanning @julusian/segfault-raub@2.3.3...
    scanning nanomsg@4.2.1...
    scanning @pshenmic/zeromq@6.0.0-beta.22...
    scanning kythia-core@26.1.1...
    scanning @storybook/addon-parameter@6.2.9...
    scanning @focus-reactive/storybook-graphql-kit@1.0.2...
    scanning @focus-reactive/storybook-addon-graphcms@1.3.0...
    scanning @carbon/storybook-addon-theme@2.27.0...
    scanning @storybook/addon-roundtrip@6.2.9...
    scanning @addon-core/browser@0.6.0...
    scanning storybook-addon-jsdoc-to-mdx@1.2.0...
    scanning @storybook/addon-decorator@6.2.9...
    scanning @addon-core/storage@0.6.0...
    scanning memoryjs@3.5.1...
    scanning native-hello-world@2.0.0...
    scanning @lordofdestiny/mynumber@1.5.4...
    scanning @mcesystems/zeromq@6.0.0-beta.6...
    scanning adnbn@0.7.0...
    scanning xterm-link-provider@2.0.0...
    scanning @ktamas77/abletonlink@1.2.3...
    scanning @storybook/addon-preview-wrapper@6.2.9...
    scanning node_or_tools@1.3.0...
    scanning process-audio-capture@1.0.14...
    scanning @jamiephan/casclib@0.1.0...
    scanning @component-controls/storybook@3.15.0...
  ↩️  HTTP 302 → https://unpkg.com/semver@7.8.5/package.json
    scanning @amigo9090/ih-libiec61850-node@1.0.73...
    scanning @jamiephan/stormlib@0.1.0...
    scanning qminer@9.4.0...
    scanning @etchteam/storybook-addon-marker@7.0.0...
    scanning gst-kit@0.2.8...
    scanning wsjtx-lib@2.1.3...
    scanning @kastov/node-supervisord@2.0.4...
    scanning storybook-addon-react-live-edit@2.0.4...
    scanning @component-controls/axe-plugin@4.0.3...
    scanning @addon-core/inject-script@0.3.1...
    scanning simplified-mojang-api@0.0.49...
    scanning spawnpack@0.1.8...
    scanning @wealthfolio/addon-sdk@3.5.1...
    [100] processed
    scanning @hitrading/ctp-node@2.0.0...
    scanning sbffi@1.0.4...
    scanning rebory@0.2.10...
    scanning @component-controls/viewport-plugin@4.0.3...
    scanning netlinkwrapper@2.0.2...
    scanning civetkern@0.3.6...
    scanning sharedpubsub@2.0.1...
    scanning node-luajit@3.0.0...
    scanning @component-controls/jest-snapshots@3.4.5...
    scanning storybook-addon-emotion-theme@2.1.1...
    scanning @component-controls/addon-stats@4.0.3...
    scanning node-native-win-utils@2.2.3...
    scanning storybook-addon-scratchpad@0.1.2...
    scanning node-rar@0.0.2...
    scanning @linuxcnc-node/hal@2.2.2...
    scanning filesystem-utilities@7.5.0...
    scanning @bedrock-core/cli@0.8.2...
    scanning @procore/storybook-addon@5.0.0...
    scanning smart-whisper-electron@0.8.2...
    scanning @nodots/gnubg-hints@1.0.4...
    scanning pwuid@2.0.0...
    scanning rapidx2j@0.8.0...
    scanning k2hash@2.0.6...
    scanning extension-fs@7.1.0...
    scanning deps-opengl-raub@7.2.0...
    scanning node-gyp-hw@1.1.21...
    scanning @paymoapp/real-idle@1.1.2...
    scanning @linuxcnc-node/gcode@2.2.2...
  ↩️  HTTP 301 → https://unpkg.com/deps-opengl-raub@7.2.0/install.js
    scanning @etchteam/storybook-addon-github-link@2.0.0...
    scanning @vlad-fresha/segfault-raub@2.10.0...
    scanning zip-node-addon@0.0.11...
  ↩️  HTTP 302 → https://unpkg.com/addon-tools-raub@9.3.0/package.json
    scanning xdhqznd@2018.4.14...
    scanning sbffi2@1.0.5...
    scanning @component-controls/storybook-custom-docs@3.14.6...
    scanning k2hdkc@2.0.4...
    scanning glfw-raub@6.4.0...
    scanning webgl-raub@5.3.0...
    scanning mysql-libmysqlclient@1.6.0...
    scanning npool@1.4.7...
  ↩️  HTTP 301 → https://unpkg.com/glfw-raub@6.4.0/install.js
  ↩️  HTTP 301 → https://unpkg.com/webgl-raub@5.3.0/install.js
    scanning node-supervisord@1.0.6-rc.2...
  ↩️  HTTP 302 → https://unpkg.com/addon-tools-raub@9.3.0/package.json
    scanning @ably/zeromq@6.0.0-beta.ably.3...
    scanning @aminya/zeromq@5.2.16...
  ↩️  HTTP 302 → https://unpkg.com/addon-tools-raub@9.3.0/package.json
    scanning shield-studies-addon-utils@6.0.0...
    scanning @alibaba-aero/storybook-addon-docs@6.2.0-alpha.0...
    scanning cypher-parser@0.1.14...
    scanning macos-haptic@1.0.0...
    scanning storybook-addon-multi-theme@0.0.9...
    scanning @tianwei_wu/node-addon-napi-demo@1.0.5...
    scanning @nodots-llc/gnubg-hints@4.6.2...
    scanning not-albertsgrc@1.5.0...
    [150] processed
    scanning lighthouse-unit-converter@1.0.9...
    scanning chmpx@2.0.4...
    scanning libmill@0.4.0...
    scanning deps-labsound-raub@6.0.0...
    scanning iojs-nanomsg@1.1.11...
    scanning storybook-addon-knobs-color-options@6.2.0-rc.2...
    scanning deps-freeimage-raub@6.2.0...
  ↩️  HTTP 301 → https://unpkg.com/deps-labsound-raub@6.0.0/install.js
    scanning node-rcheevos@1.0.2...
    scanning deps-bullet-raub@4.0.0...
  ↩️  HTTP 302 → https://unpkg.com/addon-tools-raub@9.3.0/package.json
    scanning puerts@0.3.1...
    scanning occt-gltf-addon@0.1.15...
  ↩️  HTTP 301 → https://unpkg.com/deps-freeimage-raub@6.2.0/install.js
    scanning ih-lib60870-node@1.0.75...
    scanning screencapturekit-audio-capture@1.3.6...
  ↩️  HTTP 301 → https://unpkg.com/deps-bullet-raub@4.0.0/install.js
  ↩️  HTTP 302 → https://unpkg.com/addon-tools-raub@9.3.0/package.json
    scanning phash-image@3.5.0...
  ↩️  HTTP 302 → https://unpkg.com/addon-tools-raub@9.3.0/package.json
    scanning bmad-method-odoo@1.1.7...
    scanning iswasmfast@0.0.13...
    scanning storybook-html@4.1.3-beta.1...
  ↩️  HTTP 302 → https://unpkg.com/tar@7.5.17/package.json
    scanning abletonlink@0.2.0-beta.0...
    scanning casclib@1.0.4...
    scanning stormlib@0.0.3...
    scanning ci-info@4.4.0...
    scanning minimist@1.2.8...
  ↩️  HTTP 302 → https://unpkg.com/chalk@4.1.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/fs-extra@11.3.5/package.json
    scanning jsonc-parser@3.3.1...
    scanning axios@1.16.0...
    scanning minimatch@10.2.5...
  ↩️  HTTP 302 → https://unpkg.com/shelljs@0.8.5/package.json
  ↩️  HTTP 302 → https://unpkg.com/npmlog@4.1.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/chalk@2.4.2/package.json
    scanning cliui@8.0.1...
    scanning ts-node@10.9.2...
    scanning yargs-parser@21.1.1...
    scanning tar@7.5.17...
  ↩️  HTTP 301 → https://unpkg.com/ts-node@10.9.2/register/index.js
    ✓ 182 packages processed, no new candidates
    checkpoint saved

  ├─ reverify: full fetch (182 packages — confirming all deps cached)...

  DeepFetch (reverify): 182 packages (182 cache invalidated — re-fetching)...
    scanning 9router@0.5.8...
    scanning @swc/core@1.15.43...
    scanning @parcel/watcher@2.5.6...
    scanning prisma@7.8.0...
    scanning @sentry/cli@3.5.1...
    scanning puppeteer@25.2.1...
    scanning better-sqlite3@12.11.1...
    scanning cypress@15.18.0...
    scanning lefthook@2.1.9...
    scanning canvas@3.2.3...
  ↩️  HTTP 302 → https://unpkg.com/@swc/core-android-arm64@1.3.11/package.json
  ↩️  HTTP 302 → https://unpkg.com/@swc/core-android-arm-eabi@1.3.11/package.json
  ↩️  HTTP 302 → https://unpkg.com/@swc/core-freebsd-x64@1.3.11/package.json
    scanning bcrypt@6.0.0...
  ↩️  HTTP 302 → https://unpkg.com/puppeteer@25.2.1/package.json
    scanning sqlite3@6.0.1...
    scanning ffmpeg-static@5.3.0...
    scanning node-sass@9.0.0...
    scanning @tensorflow/tfjs-node@4.22.0...
  ↩️  HTTP 302 → https://unpkg.com/chalk@4.1.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/bluebird@3.7.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/@cypress/xvfb@1.2.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/debug@4.4.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/common-tags@1.8.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/lodash@4.18.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/arch@2.2.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/ospath@1.2.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/ci-info@4.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/cachedir@2.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/executable@4.1.1/package.json
    scanning wireit@0.14.13...
  ↩️  HTTP 302 → https://unpkg.com/supports-color@8.1.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/log-symbols@4.1.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/systeminformation@5.31.11/package.json
  ↩️  HTTP 302 → https://unpkg.com/fs-extra@9.1.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/is-installed-globally@0.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/untildify@4.0.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/dayjs@1.11.21/package.json
  ↩️  HTTP 302 → https://unpkg.com/commander@6.2.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/@cypress/request@4.0.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/request-progress@3.0.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/listr2@9.0.5/package.json
  ↩️  HTTP 302 → https://unpkg.com/yauzl@3.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/pretty-bytes@5.6.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/cypress@15.18.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/tmp@0.2.7/package.json
  ↩️  HTTP 302 → https://unpkg.com/minimist@1.2.8/package.json
    scanning esbuild@0.28.1...
    scanning rollup@4.62.2...
  ↩️  HTTP 302 → https://unpkg.com/https-proxy-agent@5.0.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/progress@2.0.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/env-paths@2.2.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/@derhuerst/http-basic@8.2.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/https-proxy-agent@2.2.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/progress@2.0.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/adm-zip@0.5.17/package.json
  ↩️  HTTP 302 → https://unpkg.com/tar@6.2.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/rimraf@2.7.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/cross-spawn@7.0.6/package.json
  ↩️  HTTP 302 → https://unpkg.com/make-fetch-happen@10.2.1/package.json
    scanning webpack@5.108.0...
    scanning unbuild@3.6.1...
    scanning nx@23.0.1...
    scanning chromatic@17.7.1...
    scanning publish-browser-extension@4.0.5...
    scanning zeromq@6.5.0...
    scanning storybook-addon-deep-controls@0.10.0...
    scanning storycap@5.0.1...
    scanning @storybook/addon-console@3.0.0...
  ↩️  HTTP 301 → https://unpkg.com/nx@23.0.1/dist/bin/post-install.js
    scanning @etchteam/storybook-addon-status@8.1.0...
    scanning @storybook/addon-options@5.3.21...
    scanning @storybook/addon-info@5.3.21...
    scanning storybook-addon-swc@1.2.0...
    scanning storybook-addon-themes@6.1.0...
    scanning @storybook/addon-notes@5.3.21...
  ↩️  HTTP 301 → https://unpkg.com/nx@23.0.1/dist/src/native/index.js
    scanning storybook-addon-turbo-build@2.0.1...
    scanning @focus-reactive/react-yaml@1.1.2...
    scanning @react-theming/storybook-addon@1.1.10...
    scanning @storybook/addon-centered@5.3.21...
    scanning storybook-addon-styled-component-theme@2.0.0...
  ↩️  HTTP 301 → https://unpkg.com/nx@23.0.1/dist/src/project-graph/plugins/index.js
    scanning @storybook/addon-devkit@1.4.2...
    scanning storybook-addon-next@1.8.0...
    scanning @storybook/addon-ondevice-knobs@7.6.20...
  ↩️  HTTP 301 → h

…(truncated — 146515 chars total, see artifact for full output)
…*(truncated — full output in artifact)*

📦 Download full scan artifacts (zip)

@vbjay

vbjay commented Jun 26, 2026

Copy link
Copy Markdown
Owner

@copilot scan.zip
I have uploaded my current packages and report file from the suggestion tool. I want you to use the report to make coverage improvements and then I want you to copy the packages file into the root of the repo and then run node scripts/build-indicator-suggestions.js --deep attaching in a reply here the updated report and the new packages file. Analyze the report file to also in the same reply describe how good your changes were in the commit you will make updating the indicators and signals. Make sure you read the full report json file to understand the suggestions.

Copilot AI commented Jun 26, 2026

Copy link
Copy Markdown
Author

@copilot scan.zip
I have uploaded my current packages and report file from the suggestion tool. I want you to use th...

Coverage improvement analysis

What was added

Two new virtual indicators were added to the registry (now at 30 total), each triggered purely by signal detection rather than a file-on-disk check (scanner: { type: 'none' }), matching the existing pattern of binary-downloader, bundled-binary-installer, etc.:

Indicator key Signal trigger Label
obfuscated-install-script obfuscation-pattern Obfuscated install script
dynamic-require-loader dynamic-require Dynamic-require loader

Both signals already existed in SIGNAL_DESCRIPTIONS — no new signal definitions were needed.

indicator-scanner.js wiring:

  • hasBuildHint() — both signals added to the early-exit gate; packages with only these signals were previously skipped before the full scan ran
  • detectClues() — both signals added to the trigger block so the virtual indicators are added to sigHintedFiles whenever the signal fires
  • build-indicator-suggestions.jstriggeredByObfuscationPatternSignal and triggeredByDynamicRequireSignal added to the hardcoded registry-metadata serialisation list

Deep-scan results (--deep)

Ran node scripts/build-indicator-suggestions.js --deep against the 20,579-package manifest (packages file now at repo root). Updated indicator-suggestions.json generated.

Metric Input report New report Δ
Unique packages considered 20,575 20,579 +4
With lifecycle scripts 4,416 4,416 0
Matched by existing definitions 2,824 1,869 −955
Uncategorized build packages 111 216 +105

The matched count drop is expected: the input report used command-pattern heuristics (heuristic matches inflate counts), while --deep uses actual fetched file signals (stricter). The uncategorized count increase is similarly expected — the deeper scan surfaces packages whose scripts don't match commandPattern heuristics but do have real build signals.

New indicator hits this run: obfuscated-install-script = 0, dynamic-require-loader = 0.

This is expected for the deep scan. The primary motivation package (electron@37.10.3, 4.7M/wk) only shows file-unreadable in the deep scan because unpkg serves electron's install.js in a form the scanner can't read. The new indicators will fire correctly in the npm approve-scripts workflow where the package is installed locally and the files are directly accessible.

Top uncategorized packages by downloads (highlights from new report):

  • fflate@0.8.3 — 51.5M/wk
  • @sentry/cli@3.5.1 — 19.4M/wk
  • npm@11.17.0 — 14.8M/wk
  • nx@23.0.1 — 9.4M/wk
  • electron@37.10.3 — 4.7M/wk (file-unreadable in deep mode)

existingDefinitionCoverage (deep mode, by match count)

Indicator Matches
android/build.gradle 918
binding.gyp 402
build.gradle 191
Cargo.toml 89
bundled-binary-installer 34
gulpfile.* 34
source-downloader 24
CMakeLists.txt 24
runtime-installer 13
binary-downloader 3

Summary

The two new indicators are correctly wired end-to-end through the entire pipeline (definitions → scanner gates → detectClues → build-script serialisation). Cache invalidation is automatic: adding new registry keys changes computeDeepScanVersion(), so stale cache entries will be re-scanned on the next --deep run. The 0-hit result this cycle is a data artifact of the unpkg fetch gap for electron; the indicators will produce correct results against locally installed packages in the actual approve-scripts workflow.

@github-actions

Copy link
Copy Markdown

✅ PASS — approve-scripts smoke report

All packages with lifecycle scripts are correctly identified as pending approval.

Package Type Status Top risks
@mongodb-js/zstd@7.0.0 direct ⏳ pending lifecycle script compiles a native binary (.node addon), GYP build has platform-specific conditions - review each branch
@playwright/browser-chromium@1.60.0 direct ⏳ pending downloads a prebuilt binary at install time (supply-chain risk - verify source and integrity)
@playwright/browser-firefox@1.60.0 direct ⏳ pending downloads a prebuilt binary at install time (supply-chain risk - verify source and integrity)
@playwright/browser-webkit@1.60.0 direct ⏳ pending downloads a prebuilt binary at install time (supply-chain risk - verify source and integrity)
better-sqlite3@12.11.1 transitive ⏳ pending lifecycle script compiles a native binary (.node addon), GYP build has platform-specific conditions - review each branch
esbuild@0.28.1 transitive ⏳ pending uses child_process (can spawn external commands), makes network requests, contains dense hex-escape sequences (obfuscation indicator)
kerberos@7.0.0 direct ⏳ pending lifecycle script compiles a native binary (.node addon), GYP build has platform-specific conditions - review each branch
nx@22.7.5 transitive ⏳ pending may write outside the package directory, uses child_process (can spawn external commands), runs npm/yarn/pnpm install as a child process at install time (second-stage install — may pull arbitrary packages with scripts enabled)
puppeteer@24.36.1 direct ⏳ pending downloads a prebuilt binary at install time (supply-chain risk - verify source and integrity), runs npm/yarn/pnpm install as a child process at install time (second-stage install — may pull arbitrary packages with scripts enabled)
sqlite3@6.0.1 direct ⏳ pending lifecycle script compiles a native binary (.node addon), GYP build has platform-specific conditions - review each branch
unrs-resolver@1.12.2 transitive ⏳ pending downloads a prebuilt binary at install time (supply-chain risk - verify source and integrity)
📦 Download full reports (zip)
@github-actions

Copy link
Copy Markdown

❌ FAILED (exit 1) — indicator-suggestions deep scan

Command: node scripts/build-indicator-suggestions.js --add 9router --top 100 --deep

Full scan output (stdout + stderr)

📦 npm indicator-suggestions builder
   out:      /home/runner/work/npm-cli/npm-cli/indicator-suggestions.json
   packages: /home/runner/work/npm-cli/npm-cli/indicator-suggestions.packages.json (permanent store)
   resume:   /home/runner/work/npm-cli/npm-cli/indicator-suggestions.tmp.json  (deleted on success)
   deep:     /home/runner/work/npm-cli/npm-cli/indicator-suggestions.deep  (indicator files cached by name@version)
             with: /home/runner/work/npm-cli/npm-cli/lib/utils/indicator-scanner.js

Loading package data...
  (no existing data — fresh run, targeting 100 packages)

  query order: cli, npm, node, javascript, native, build, android, rust, wasm, react-native, addon
Steps 1–3/5: Scanning popular packages for lifecycle scripts...
  (target: 100 more packages with lifecycle scripts)
  (skipping 0 already-scanned names)
  (first run — recorded changes seq 116,677,565; next run will filter)

  + injected candidate: 9router
  + injected candidate: @swc/core
  ? probing alternate form: core
  + injected candidate: core  (alternate form of '@swc/core')
  + injected candidate: @parcel/watcher
  ? probing alternate form: watcher
  + injected candidate: watcher  (alternate form of '@parcel/watcher')
  + injected candidate: @sentry/cli
  ? probing alternate form: cli
  + injected candidate: cli  (alternate form of '@sentry/cli')
  + injected candidate: prisma
  + injected candidate: puppeteer
  + injected candidate: better-sqlite3
  + injected candidate: canvas
  + injected candidate: cypress
  + injected candidate: bcrypt
  + injected candidate: electron
  + injected candidate: lefthook
  + injected candidate: sqlite3
  + injected candidate: ffmpeg-static
  + injected candidate: node-sass
  + injected candidate: @tensorflow/tfjs-node
  ? probing alternate form: tfjs-node
  + injected candidate: tfjs-node  (alternate form of '@tensorflow/tfjs-node')
  + injected candidate: cross-env
  + injected candidate: cross-spawn
  + injected candidate: shelljs
  + injected candidate: gulp
  + injected candidate: gulp-cli
  + injected candidate: grunt
  + injected candidate: grunt-cli
  + injected candidate: jake
  + injected candidate: just-task
  + injected candidate: nps
  + injected candidate: wireit
  + injected candidate: taskr
  + injected candidate: nake
  + injected candidate: esbuild
  + injected candidate: rollup
  + injected candidate: vite
  + injected candidate: webpack
  + injected candidate: parcel
  + injected candidate: tsup
  + injected candidate: unbuild
  + injected candidate: brunch
  + injected candidate: broccoli
  + injected candidate: fuse-box
  + injected candidate: snowpack
  + injected candidate: nx
  + injected candidate: turborepo
  + injected candidate: lerna

Step 3.25/5: Processing 47 candidates...

  Candidates: fetching 47...
    [47/47] checked, 21 new, 0 version updates
    ✓ +21 of 47 candidates (21 in store, 44.7% hit rate)
    checkpoint saved — ready to refill

  query: keywords:cli
    fetching offset=0...
    p1 offset=0 fetch=356ms | +247 new names, 3 seen-skips | 247 candidates, 21 in store
    saving checkpoint...
                       
    fetching offset=250...
    p2 offset=250 fetch=189ms | +250 new names, 0 seen-skips | 497 candidates, 21 in store
    saving checkpoint...
                       
  Candidates: fetching 497...
    [50/497] checked, 7 new, 0 version updates
    [100/497] checked, 10 new, 0 version updates
    [150/497] checked, 20 new, 0 version updates
    [200/497] checked, 24 new, 0 version updates
    [250/497] checked, 33 new, 0 version updates
    [300/497] checked, 43 new, 0 version updates
    [350/497] checked, 50 new, 0 version updates
    [400/497] checked, 61 new, 0 version updates
    [450/497] checked, 73 new, 0 version updates
    [497/497] checked, 77 new, 0 version updates
    ✓ +77 of 497 candidates (98 in store, 15.5% hit rate)
    checkpoint saved — ready to refill
    fetching offset=500...
    p3 offset=500 fetch=212ms | +248 new names, 2 seen-skips | 248 candidates, 98 in store
    saving checkpoint...
                       
    fetching offset=750...
    p4 offset=750 fetch=262ms | +250 new names, 0 seen-skips | 498 candidates, 98 in store
    saving checkpoint...
                       
  Candidates: fetching 498...
    [50/498] checked, 8 new, 0 version updates
    [100/498] checked, 18 new, 0 version updates
    [150/498] checked, 23 new, 0 version updates
    [200/498] checked, 30 new, 0 version updates
    [250/498] checked, 43 new, 0 version updates
    [300/498] checked, 54 new, 0 version updates
    [350/498] checked, 67 new, 0 version updates
    [400/498] checked, 80 new, 0 version updates
    [450/498] checked, 97 new, 0 version updates
    [498/498] checked, 112 new, 0 version updates
    ✓ +112 of 498 candidates (210 in store, 22.5% hit rate)
    checkpoint saved — ready to refill
  checkpoint: 210 packages, 1042 seen — saved

  ✓ search complete: 1,000 names examined this run (1,042 unique in seen-set)

Step 3.5/4: Expanding scoped packages with unscoped peers...
  checking 39 bare names...
  39 of 39 peers exist — added to candidates

  Candidates: fetching 39...
    [39/39] checked, 1 new, 0 version updates
    ✓ +1 of 39 candidates (211 in store, 2.6% hit rate)
    checkpoint saved — ready to refill
Step 4/5: Deep scanning packages via unpkg...
  ├─ pass 1 (initial full fetch): all 211 packages...

  DeepFetch (reverify): 211 packages (211 new)...
    scanning 9router@0.5.8...
    scanning @swc/core@1.15.43...
    scanning @parcel/watcher@2.5.6...
    scanning @sentry/cli@3.5.1...
    scanning better-sqlite3@12.11.1...
    scanning puppeteer@25.2.1...
    scanning canvas@3.2.3...
    scanning cypress@15.18.0...
    scanning bcrypt@6.0.0...
    scanning lefthook@2.1.9...
  ↩️  HTTP 302 → https://unpkg.com/@swc/core-android-arm-eabi@1.3.11/package.json
  ↩️  HTTP 302 → https://unpkg.com/@swc/core-android-arm64@1.3.11/package.json
    scanning sqlite3@6.0.1...
  ↩️  HTTP 302 → https://unpkg.com/@swc/core-freebsd-x64@1.3.11/package.json
      + discovered @swc/core-win32-arm64-msvc@1.15.43
      + discovered @swc/core-win32-x64-msvc@1.15.43
      + discovered @swc/core-darwin-x64@1.15.43
      + discovered @swc/core-win32-ia32-msvc@1.15.43
      + discovered @swc/core-darwin-arm64@1.15.43
      + discovered @swc/core-android-arm64@1.3.11
      + discovered @swc/core-linux-x64-musl@1.15.43
      + discovered @swc/core-android-arm-eabi@1.3.11
      + discovered @swc/core-linux-arm64-musl@1.15.43
      + discovered @swc/core-linux-x64-gnu@1.15.43
      + discovered @swc/core-linux-arm-gnueabihf@1.15.43
      + discovered @swc/core-linux-arm64-gnu@1.15.43
      + discovered @swc/core-linux-ppc64-gnu@1.15.43
      + discovered @swc/core-linux-s390x-gnu@1.15.43
      + discovered @swc/core-freebsd-x64@1.3.11
    scanning ffmpeg-static@5.3.0...
  ↩️  HTTP 302 → https://unpkg.com/puppeteer@25.2.1/package.json
    scanning node-sass@9.0.0...
    scanning prisma@7.8.0...
  ↩️  HTTP 302 → https://unpkg.com/bluebird@3.7.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/chalk@4.1.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/@cypress/xvfb@1.2.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/common-tags@1.8.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/debug@4.4.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/lodash@4.18.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/arch@2.2.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/ospath@1.2.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/log-symbols@4.1.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/ci-info@4.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/executable@4.1.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/cachedir@2.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/systeminformation@5.31.11/package.json
  ↩️  HTTP 302 → https://unpkg.com/supports-color@8.1.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/fs-extra@9.1.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/is-installed-globally@0.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/listr2@9.0.5/package.json
  ↩️  HTTP 302 → https://unpkg.com/untildify@4.0.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/commander@6.2.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/dayjs@1.11.21/package.json
  ↩️  HTTP 302 → https://unpkg.com/@cypress/request@4.0.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/request-progress@3.0.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/yauzl@3.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/pretty-bytes@5.6.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/cypress@15.18.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/tmp@0.2.7/package.json
  ↩️  HTTP 302 → https://unpkg.com/minimist@1.2.8/package.json
      + discovered bluebird@3.7.2
      + discovered common-tags@1.8.2
      + discovered chalk@4.1.2
      + discovered debug@4.4.3
      + discovered @cypress/xvfb@1.2.4
      + discovered hasha@5.2.2
      + discovered lodash@4.18.1
      + discovered arch@2.2.0
      + discovered execa@4.1.0
      + discovered ospath@1.2.2
      + discovered log-symbols@4.1.0
      + discovered ci-info@4.4.0
      + discovered cachedir@2.4.0
      + discovered executable@4.1.1
      + discovered systeminformation@5.31.11
      + discovered supports-color@8.1.1
      + discovered fs-extra@9.1.0
      + discovered is-installed-globally@0.4.0
      + discovered tree-kill@1.2.2
      + discovered cli-table3@0.6.1
      + discovered listr2@9.0.5
      + discovered untildify@4.0.0
      + discovered dayjs@1.11.21
      + discovered proxy-from-env@1.0.0
      + discovered commander@6.2.1
      + discovered @cypress/request@4.0.1
      + discovered request-progress@3.0.0
      + discovered yauzl@3.4.0
      + discovered pretty-bytes@5.6.0
      + discovered minimist@1.2.8
      + discovered tmp@0.2.7
    scanning @tensorflow/tfjs-node@4.22.0...
    scanning wireit@0.14.13...
  ↩️  HTTP 302 → https://unpkg.com/env-paths@2.2.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/https-proxy-agent@5.0.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/progress@2.0.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/@derhuerst/http-basic@8.2.4/package.json
      + discovered https-proxy-agent@5.0.1
      + discovered env-paths@2.2.1
      + discovered progress@2.0.3
      + discovered @derhuerst/http-basic@8.2.4
    scanning rollup@4.62.2...
  ↩️  HTTP 302 → https://unpkg.com/make-fetch-happen@10.2.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/progress@2.0.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/cross-spawn@7.0.6/package.json
  ↩️  HTTP 302 → https://unpkg.com/tar@6.2.1/package.json
      + discovered make-fetch-happen@10.2.1
      + discovered cross-spawn@7.0.6
  ↩️  HTTP 302 → https://unpkg.com/https-proxy-agent@2.2.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/adm-zip@0.5.17/package.json
    scanning esbuild@0.28.1...
  ↩️  HTTP 302 → https://unpkg.com/rimraf@2.7.1/package.json
    scanning webpack@5.108.0...
      + discovered tar@6.2.1
      + discovered https-proxy-agent@2.2.4
      + discovered adm-zip@0.5.17
      + discovered rimraf@2.7.1
    scanning unbuild@3.6.1...
    scanning nx@23.0.1...
    scanning yargs@18.0.0...
    scanning cliui@9.0.1...
    scanning yargs-parser@22.0.0...
    scanning rimraf@6.1.3...
    scanning jackspeak@4.2.3...
    scanning @isaacs/cliui@9.0.0...
  ↩️  HTTP 301 → https://unpkg.com/nx@23.0.1/dist/bin/post-install.js
    scanning meow@14.1.0...
    scanning html-minifier-terser@7.2.0...
    scanning @oclif/core@4.11.11...
    scanning skills@1.5.13...
    scanning clipanion@4.0.0-rc.4...
    scanning ink@7.1.0...
  ↩️  HTTP 301 → https://unpkg.com/nx@23.0.1/dist/src/native/index.js
    scanning tokenjuice@0.8.1...
    scanning logkitty@0.7.1...
    scanning getopts@2.3.0...
    scanning yeoman-environment@6.1.0...
    scanning yeoman-generator@8.2.2...
    scanning gradient-string@3.0.0...
    scanning ansi-fragments@0.2.1...
  ↩️  HTTP 301 → https://unpkg.com/nx@23.0.1/dist/src/project-graph/plugins/index.js
    scanning env-cmd@11.0.0...
    scanning acpx@0.11.2...
    scanning agent-browser@0.31.0...
    scanning sequelize-cli@6.6.5...
  ↩️  HTTP 301 → https://unpkg.com/nx@23.0.1/dist/src/executors/run-commands/run-commands.impl.js
    scanning eas-cli@20.4.0...
    scanning ipull@4.0.3...
    scanning stdout-update@4.0.1...
    scanning yo@7.0.1...
    scanning @oclif/multi-stage-output@0.8.44...
    scanning @vscode/test-cli@0.0.15...
  ↩️  HTTP 302 → https://unpkg.com/nx@23.0.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/packages@0.0.8/package.json
  ↩️  HTTP 302 → https://unpkg.com/typescript@6.0.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/@angular-devkit/build-angular@22.0.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/@angular/build@22.0.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/ts-node@10.9.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/@swc-node/register@1.11.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/target@0.0.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/@nx/devkit@23.0.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/@nx/key@5.0.8/package.json
  ↩️  HTTP 302 → https://unpkg.com/@nx/powerpack-license@5.0.8/package.json
      + discovered tslib@2.8.1
      + discovered picocolors@1.1.1
      + discovered jsonc-parser@3.3.1
      + discovered @zkochan/js-yaml@0.0.7
      + discovered lines-and-columns@2.0.3
      + discovered dotenv@16.4.7
      + discovered axios@1.16.0
      + discovered figures@3.2.0
      + discovered cli-spinners@2.6.1
      + discovered ora@5.4.1
      + discovered cli-cursor@3.1.0
      + discovered tar-stream@2.2.0
      + discovered @napi-rs/wasm-runtime@0.2.4
      + discovered @nx/nx-win32-x64-msvc@23.0.1
      + discovered @nx/nx-win32-arm64-msvc@23.0.1
      + discovered @nx/nx-darwin-x64@23.0.1
      + discovered @nx/nx-darwin-arm64@23.0.1
      + discovered @nx/nx-freebsd-x64@23.0.1
      + discovered @nx/nx-linux-x64-musl@23.0.1
      + discovered @nx/nx-linux-x64-gnu@23.0.1
      + discovered @nx/nx-linux-arm64-musl@23.0.1
      + discovered @nx/nx-linux-arm64-gnu@23.0.1
      + discovered @nx/nx-linux-arm-gnueabihf@23.0.1
      + discovered minimatch@10.2.5
      + discovered dotenv-expand@12.0.3
      + discovered resolve.exports@2.0.3
      + discovered string-width@4.2.3
      + discovered cliui@8.0.1
      + discovered typescript@6.0.3
      + discovered packages@0.0.8
      + discovered flat@5.0.2
      + discovered @angular-devkit/build-angular@22.0.4
      + discovered @angular/build@22.0.4
      + discovered tsconfig-paths@4.2.0
      + discovered ignore@7.0.5
      + discovered enquirer@2.3.6
      + discovered ts-node@10.9.2
      + discovered yaml@2.9.0
      + discovered semver@7.7.4
      + discovered @swc-node/register@1.11.1
      + discovered npm-run-path@4.0.1
      + discovered yargs-parser@21.1.1
      + discovered target@0.0.2
      + discovered @nx/devkit@23.0.1
      + discovered @nx/key@5.0.8
      + discovered @nx/powerpack-license@5.0.8
    scanning @oclif/table@0.5.9...
    scanning unicode-animations@1.0.3...
    scanning @netlify/zip-it-and-ship-it@15.0.1...
    [50] processed
    scanning tap@21.7.4...
    scanning codeowners-audit@2.9.0...
    scanning oclif@4.23.21...
    scanning ink-testing-library@4.0.0...
    scanning yaml-lint@1.7.0...
    scanning gws-with-audit-log@0.0.5...
    scanning hugo-extended@0.163.3...
    scanning typeorm-extension@3.9.0...
    scanning xo@3.0.2...
    scanning levenshtein-edit-distance@3.0.1...
    scanning netlify@26.1.0...
    scanning chalk-animation@2.0.3...
    scanning netlify-cli@26.1.0...
    scanning unified-args@11.0.1...
    scanning @mintlify/cli@4.0.1247...
    scanning backport@12.0.4...
  ↩️  HTTP 302 → https://unpkg.com/adm-zip@0.5.17/package.json
  ↩️  HTTP 302 → https://unpkg.com/tar@7.5.17/package.json
    scanning @grafana/e2e-selectors@13.1.0...
      + discovered tar@7.5.17
    scanning openapi-merge-cli@1.3.2...
    scanning wasm-pack@0.15.0...
    scanning agent-device@0.17.10...
    scanning @fission-ai/openspec@1.4.1...
  ↩️  HTTP 302 → https://unpkg.com/strip-json-comments@5.0.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/winston@3.19.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/open@11.0.0/package.json
      + discovered winston@3.19.0
      + discovered strip-json-comments@5.0.3
  ↩️  HTTP 302 → https://unpkg.com/@netlify/config@24.6.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/ci-info@4.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/is-docker@4.0.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/https-proxy-agent@8.0.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/normalize-package-data@7.0.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/execa@5.1.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/nanospinner@1.2.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/commander@12.1.0/package.json
    scanning @memlab/cli@2.0.3...
  ↩️  HTTP 302 → https://unpkg.com/@netlify/api@14.0.19/package.json
  ↩️  HTTP 302 → https://unpkg.com/ascii-table@0.0.9/package.json
  ↩️  HTTP 302 → https://unpkg.com/inquirer@8.2.7/package.json
  ↩️  HTTP 302 → https://unpkg.com/@netlify/blobs@10.7.9/package.json
    scanning ovsx@1.0.2...
  ↩️  HTTP 302 → https://unpkg.com/@netlify/ai@0.4.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/prettyjson@1.2.5/package.json
  ↩️  HTTP 302 → https://unpkg.com/terminal-link@5.0.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/clean-deep@3.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/@pnpm/tabtab@0.5.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/env-paths@4.0.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/is-wsl@3.1.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/p-wait-for@6.0.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/chalk@5.6.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/@netlify/dev-utils@4.4.6/package.json
  ↩️  HTTP 302 → https://unpkg.com/@bugsnag/js@8.9.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/debug@4.4.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/find-up@8.0.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/lodash@4.18.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/@netlify/build-info@10.5.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/parse-github-url@1.0.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/inquirer-autocomplete-prompt@1.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/fuzzy@0.1.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/p-map@7.0.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/boxen@8.0.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/get-port@5.1.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/ansi-escapes@7.3.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/node-fetch@3.3.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/@netlify/edge-functions-bootstrap@2.17.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/log-update@7.2.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/@netlify/dev@4.18.8/package.json
  ↩️  HTTP 302 → https://unpkg.com/@netlify/zip-it-and-ship-it@14.7.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/git-repo-info@2.1.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/gitconfiglocal@2.1.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/yauzl@3.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/fastest-levenshtein@1.0.16/package.json
  ↩️  HTTP 302 → https://unpkg.com/parse-duration@2.1.6/package.json
  ↩️  HTTP 302 → https://unpkg.com/tomlify-j0.4@3.0.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/is-stream@4.0.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/@netlify/build@35.15.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/@netlify/headers-parser@9.0.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/dotenv@17.4.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/semver@7.8.5/package.json
  ↩️  HTTP 302 → https://unpkg.com/modern-tar@0.7.6/package.json
  ↩️  HTTP 302 → https://unpkg.com/isexe@4.0.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/ulid@3.0.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/parallel-transform@1.2.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/jsonwebtoken@9.0.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/folder-walker@3.2.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/backoff@2.5.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/ws@8.21.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/@netlify/redirect-parser@15.0.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/@octokit/rest@22.0.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/readdirp@4.1.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/maxstache-stream@1.0.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/maxstache@1.0.7/package.json
  ↩️  HTTP 302 → https://unpkg.com/pg@8.22.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/from@0.1.7/package.json
  ↩️  HTTP 302 → https://unpkg.com/cron-parser@4.9.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/drizzle-kit@0.31.10/package.json
  ↩️  HTTP 302 → https://unpkg.com/ansi-to-html@0.7.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/content-type@1.0.5/package.json
  ↩️  HTTP 302 → https://unpkg.com/multiparty@4.3.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/raw-body@3.0.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/chokidar@4.0.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/p-filter@4.1.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/netlify-redirector@0.5.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/cookie@1.1.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/toml@3.0.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/fastify@5.8.5/package.json
  ↩️  HTTP 302 → https://unpkg.com/@fastify/static@9.1.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/dot-prop@10.1.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/@netlify/images@1.3.10/package.json
  ↩️  HTTP 302 → https://unpkg.com/@netlify/edge-bundler@14.10.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/etag@1.8.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/http-proxy@1.18.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/http-proxy-middleware@3.0.7/package.json
  ↩️  HTTP 302 → https://unpkg.com/jwt-decode@4.0.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/locate-path@8.0.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/@netlify/local-functions-proxy@2.0.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/decache@4.6.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/read-package-up@12.0.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/source-map-support@0.5.21/package.json
  ↩️  HTTP 302 → https://unpkg.com/lambda-local@2.2.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/express-logging@1.1.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/express@5.2.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/envinfo@7.21.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/drizzle-orm@0.45.2/package.json
      + discovered open@11.0.0
      + discovered @netlify/config@24.6.0
      + discovered is-docker@4.0.0
      + discovered https-proxy-agent@8.0.0
      + discovered normalize-package-data@7.0.1
      + discovered execa@5.1.1
      + discovered nanospinner@1.2.2
      + discovered commander@12.1.0
      + discovered ascii-table@0.0.9
      + discovered @netlify/api@14.0.19
      + discovered inquirer@8.2.7
      + discovered @netlify/blobs@10.7.9
      + discovered @netlify/ai@0.4.2
      + discovered clean-deep@3.4.0
      + discovered prettyjson@1.2.5
      + discovered @pnpm/tabtab@0.5.4
      + discovered terminal-link@5.0.0
      + discovered env-paths@4.0.0
      + discovered p-wait-for@6.0.0
      + discovered is-wsl@3.1.1
      + discovered chalk@5.6.2
      + discovered @netlify/dev-utils@4.4.6
      + discovered @bugsnag/js@8.9.0
      + discovered find-up@8.0.0
      + discovered @netlify/build-info@10.5.1
      + discovered parse-github-url@1.0.4
      + discovered inquirer-autocomplete-prompt@1.4.0
      + discovered fuzzy@0.1.3
      + discovered p-map@7.0.4
      + discovered boxen@8.0.1
      + discovered get-port@5.1.1
      + discovered node-fetch@3.3.2
      + discovered ansi-escapes@7.3.0
      + discovered @netlify/edge-functions-bootstrap@2.17.1
      + discovered log-update@7.2.0
      + discovered @netlify/dev@4.18.8
      + discovered @netlify/zip-it-and-ship-it@14.7.1
      + discovered git-repo-info@2.1.1
      + discovered fastest-levenshtein@1.0.16
      + discovered parse-duration@2.1.6
      + discovered gitconfiglocal@2.1.0
      + discovered tomlify-j0.4@3.0.0
      + discovered @netlify/build@35.15.0
      + discovered @netlify/headers-parser@9.0.3
      + discovered is-stream@4.0.1
      + discovered dotenv@17.4.2
      + discovered semver@7.8.5
      + discovered modern-tar@0.7.6
      + discovered isexe@4.0.0
      + discovered ulid@3.0.2
      + discovered parallel-transform@1.2.0
      + discovered jsonwebtoken@9.0.3
      + discovered folder-walker@3.2.0
      + discovered backoff@2.5.0
      + discovered ws@8.21.0
      + discovered @netlify/redirect-parser@15.0.4
      + discovered @octokit/rest@22.0.1
      + discovered maxstache-stream@1.0.4
      + discovered readdirp@4.1.2
      + discovered maxstache@1.0.7
      + discovered pg@8.22.0
      + discovered from@0.1.7
      + discovered cron-parser@4.9.0
      + discovered drizzle-kit@0.31.10
      + discovered ansi-to-html@0.7.2
      + discovered content-type@1.0.5
      + discovered multiparty@4.3.0
      + discovered raw-body@3.0.2
      + discovered chokidar@4.0.3
      + discovered netlify-redirector@0.5.0
      + discovered p-filter@4.1.0
      + discovered cookie@1.1.1
      + discovered toml@3.0.0
      + discovered fastify@5.8.5
      + discovered @fastify/static@9.1.3
      + discovered dot-prop@10.1.0
      + discovered @netlify/images@1.3.10
      + discovered @netlify/edge-bundler@14.10.3
      + discovered etag@1.8.1
      + discovered http-proxy@1.18.1
      + discovered http-proxy-middleware@3.0.7
      + discovered jwt-decode@4.0.0
      + discovered locate-path@8.0.0
      + discovered @netlify/local-functions-proxy@2.0.3
      + discovered decache@4.6.2
      + discovered read-package-up@12.0.0
      + discovered source-map-support@0.5.21
      + discovered lambda-local@2.2.0
      + discovered express-logging@1.1.1
      + discovered express@5.2.1
      + discovered envinfo@7.21.0
      + discovered drizzle-orm@0.45.2
    scanning md-to-pdf@5.2.5...
    scanning relaydesgins@0.1.1...
  ↩️  HTTP 302 → https://unpkg.com/is-docker@4.0.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/ci-info@4.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/open@11.0.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/@netlify/config@24.6.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/execa@5.1.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/env-paths@4.0.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/nanospinner@1.2.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/https-proxy-agent@8.0.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/normalize-package-data@7.0.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/@netlify/api@14.0.19/package.json
  ↩️  HTTP 302 → https://unpkg.com/ascii-table@0.0.9/package.json
  ↩️  HTTP 302 → https://unpkg.com/@netlify/blobs@10.7.9/package.json
  ↩️  HTTP 302 → https://unpkg.com/fastest-levenshtein@1.0.16/package.json
  ↩️  HTTP 302 → https://unpkg.com/inquirer@8.2.7/package.json
  ↩️  HTTP 302 → https://unpkg.com/@pnpm/tabtab@0.5.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/terminal-link@5.0.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/prettyjson@1.2.5/package.json
  ↩️  HTTP 302 → https://unpkg.com/clean-deep@3.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/p-wait-for@6.0.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/commander@12.1.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/chalk@5.6.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/@netlify/dev-utils@4.4.6/package.json
  ↩️  HTTP 302 → https://unpkg.com/@bugsnag/js@8.9.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/@netlify/build-info@10.5.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/is-wsl@3.1.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/debug@4.4.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/find-up@8.0.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/fuzzy@0.1.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/p-map@7.0.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/lodash@4.18.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/parse-github-url@1.0.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/@netlify/edge-functions-bootstrap@2.17.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/get-port@5.1.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/boxen@8.0.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/inquirer-autocomplete-prompt@1.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/@netlify/dev@4.18.8/package.json
  ↩️  HTTP 302 → https://unpkg.com/ansi-escapes@7.3.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/log-update@7.2.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/git-repo-info@2.1.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/gitconfiglocal@2.1.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/node-fetch@3.3.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/@netlify/ai@0.4.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/parse-duration@2.1.6/package.json
  ↩️  HTTP 302 → https://unpkg.com/@netlify/zip-it-and-ship-it@14.7.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/tomlify-j0.4@3.0.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/backoff@2.5.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/folder-walker@3.2.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/parallel-transform@1.2.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/@netlify/redirect-parser@15.0.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/@netlify/build@35.15.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/@netlify/headers-parser@9.0.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/yauzl@3.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/dotenv@17.4.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/is-stream@4.0.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/modern-tar@0.7.6/package.json
  ↩️  HTTP 302 → https://unpkg.com/isexe@4.0.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/semver@7.8.5/package.json
  ↩️  HTTP 302 → https://unpkg.com/ansi-to-html@0.7.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/ulid@3.0.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/maxstache@1.0.7/package.json
  ↩️  HTTP 302 → https://unpkg.com/jsonwebtoken@9.0.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/maxstache-stream@1.0.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/readdirp@4.1.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/ws@8.21.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/pg@8.22.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/@octokit/rest@22.0.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/content-type@1.0.5/package.json
  ↩️  HTTP 302 → https://unpkg.com/from@0.1.7/package.json
  ↩️  HTTP 302 → https://unpkg.com/drizzle-kit@0.31.10/package.json
  ↩️  HTTP 302 → https://unpkg.com/multiparty@4.3.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/raw-body@3.0.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/cron-parser@4.9.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/chokidar@4.0.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/netlify-redirector@0.5.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/cookie@1.1.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/p-filter@4.1.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/toml@3.0.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/@netlify/images@1.3.10/package.json
  ↩️  HTTP 302 → https://unpkg.com/@netlify/edge-bundler@14.10.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/etag@1.8.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/dot-prop@10.1.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/http-proxy@1.18.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/http-proxy-middleware@3.0.7/package.json
  ↩️  HTTP 302 → https://unpkg.com/locate-path@8.0.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/jwt-decode@4.0.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/@fastify/static@9.1.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/decache@4.6.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/read-package-up@12.0.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/fastify@5.8.5/package.json
  ↩️  HTTP 302 → https://unpkg.com/source-map-support@0.5.21/package.json
  ↩️  HTTP 302 → https://unpkg.com/lambda-local@2.2.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/@netlify/local-functions-proxy@2.0.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/express-logging@1.1.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/express@5.2.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/envinfo@7.21.0/package.json
    scanning typed-scss-modules@8.1.1...
    scanning stemmer@2.0.1...

Fatal: EACCES: permission denied, open '/home/runner/work/npm-cli/npm-cli/indicator-suggestions.deep/ovsx@1.0.2/package.json'
Error: EACCES: permission denied, open '/home/runner/work/npm-cli/npm-cli/indicator-suggestions.deep/ovsx@1.0.2/package.json'
    at async open (node:internal/fs/promises:639:25)
    at async Object.writeFile (node:internal/fs/promises:1222:14)
    at async writeDefanged (/home/runner/work/npm-cli/npm-cli/scripts/build-indicator-suggestions.js:448:3)
    at async fetchOne (/home/runner/work/npm-cli/npm-cli/scripts/build-indicator-suggestions.js:599:10)
    at async limit (/home/runner/work/npm-cli/npm-cli/scripts/build-indicator-suggestions.js:505:14)
    at async fetchWithRefs (/home/runner/work/npm-cli/npm-cli/scripts/build-indicator-suggestions.js:653:16)
    at async deepFetchPackage (/home/runner/work/npm-cli/npm-cli/scripts/build-indicator-suggestions.js:695:9)
    at async worker (/home/runner/work/npm-cli/npm-cli/scripts/build-indicator-suggestions.js:2369:13)
    at async Promise.all (index 1)
    at async drain (/home/runner/work/npm-cli/npm-cli/scripts/build-indicator-suggestions.js:2439:7)


Generated indicator-suggestions.packages.json (manifest store)
{
  "data": {
    "generatedAt": "2026-06-26T01:15:24.248Z",
    "count": 211,
    "discoveryState": {
      "queryOrder": [
        "keywords:cli",
        "keywords:npm",
        "keywords:node",
        "keywords:javascript",
        "keywords:native",
        "keywords:build",
        "keywords:android",
        "keywords:rust",
        "keywords:wasm",
        "keywords:react-native",
        "keywords:addon"
      ],
      "queryIndex": -1,
      "queryFrom": 0,
      "keywordCursors": {
        "keywords:cli": {
          "from": 1000,
          "startedAt": "2026-06-26T01:13:40.136Z",
          "scannedAt": "2026-06-26T01:14:51.086Z"
        }
      }
    },
    "lastChangesSeq": 116677565,
    "seenOnlyNames": [
      "@11ty/eleventy-dev-server",
      "@adonisjs/ace",
      "@aikidosec/ci-api-client",
      "@allurereport/plugin-log",
      "@allurereport/plugin-progress",
      "@angular-builders/custom-esbuild",
      "@angular-builders/custom-webpack",
      "@angular-builders/jest",
      "@angular-devkit/build-angular@22.0.4",
      "@angular/build@22.0.4",
      "@antora/cli",
      "@argos-ci/cli",
      "@assistant-ui/react",
      "@asyncapi/modelina-cli",
      "@auto-it/bot-list",
      "@auto-it/package-json-utils",
      "@aws-amplify/amplify-cli-shared-interfaces",
      "@aws-amplify/amplify-prompts",
      "@aws-amplify/cli-extensibility-helper",
      "@axe-core/cli",
      "@axiomatic-labs/claudeflow",
      "@bahmutov/print-env",
      "@better-auth/cli",
      "@bitwarden/cli",
      "@breadc/death",
      "@brillout/picocolors",
      "@callstack/brownfield-cli",
      "@capawesome/cli",
      "@capgo/cli",
      "@caporal/core",
      "@catladder/cli",
      "@chainlink/evm-gauntlet",
      "@chainlink/evm-gauntlet-ocr",
      "@chainlink/gauntlet-core",
      "@chainlink/zksync-gauntlet",
      "@citation-js/cli",
      "@clack/core",
      "@clack/prompts",
      "@claude-flow/cli-core",
      "@clerc/core",
      "@clerc/parser",
      "@clerc/plugin-completions",
      "@clerc/plugin-friendly-error",
      "@clerc/plugin-help",
      "@clerc/plugin-not-found",
      "@clerc/plugin-strict-flags",
      "@clerc/plugin-update-notifier",
      "@clerc/plugin-version",
      "@clerc/utils",
      "@codama/cli",
      "@commitlint/cli",
      "@commitlint/travis-cli",
      "@compodoc/live-server",
      "@comunica/runner-cli",
      "@controlplane/cli",
      "@currents/commit-info",
      "@cypress/request@4.0.1",
      "@cypress/xvfb@1.2.4",
      "@datocms/cli",
      "@derhuerst/http-basic@8.2.4",
      "@devexpress/bin-v8-flags-filter",
      "@donmccurdy/caporal",
      "@dotenv-run/cli",
      "@dotenv-run/core",
      "@dotenv-run/webpack",
      "@e2b/cli",
      "@earendil-works/pi-coding-agent",
      "@earendil-works/pi-tui",
      "@easyai/cli",
      "@elizaos/tui",
      "@esm2cjs/npm-run-path",
      "@ethersproject/hardware-wallets",
      "@expo/cli",
      "@farmfe/cli",
      "@figma-export/cli",
      "@formatjs/cli",
      "@formatjs/cli-lib",
      "@gcornut/valibot-json-schema",
      "@genspark/cli",
      "@goldstack/utils-typescript-references",
      "@graphql-inspector/ci",
      "@graphql-inspector/cli",
      "@graphql-markdown/cli",
      "@hapi/bossy",
      "@hypabolic/hypa",
      "@inquirer/ansi",
      "@inquirer/checkbox",
      "@inquirer/confirm",
      "@inquirer/core",
      "@inquirer/editor",
      "@inquirer/expand",
      "@inquirer/external-editor",
      "@inquirer/figures",
      "@inquirer/input",
      "@inquirer/number",
      "@inquirer/password",
      "@inquirer/prompts",
      "@inquirer/rawlist",
      "@inquirer/search",
      "@inquirer/select",
      "@inquirer/testing",
      "@inquirer/type",
      "@intlayer/cli",
      "@jercle/yargonaut",
      "@jsdevtools/ez-spawn",
      "@json-render/ink",
      "@jsverse/transloco-keys-manager",
      "@kayvan/markdown-tree-parser",
      "@kilocode/cli-linux-x64",
      "@kilocode/cli-linux-x64-baseline",
      "@kilocode/cli-linux-x64-baseline-musl",
      "@kilocode/cli-linux-x64-musl",
      "@kubb/cli",
      "@lambdatest/smartui-cli",
      "@larksuite/whiteboard-cli",
      "@lingui/cli",
      "@listr2/prompt-adapter-enquirer",
      "@listr2/prompt-adapter-inquirer",
      "@magidoc/cli",
      "@mahdiarjangi/phetch-cli",
      "@mcp-use/cli",
      "@melkeydev/go-blueprint",
      "@metaplex-foundation/rustbin",
      "@mimo-ai/mimocode-windows-x64",
      "@mimo-ai/mimocode-windows-x64-baseline",
      "@minimistjs/subarg",
      "@mocks-server/config",
      "@mocks-server/core",
      "@mocks-server/main",
      "@mocks-server/plugin-inquirer-cli",
      "@moleculer/vorpal",
      "@moonrepo/cli",
      "@n8n/json-schema-to-zod",
      "@napi-rs/cli",
      "@napi-rs/wasm-runtime@0.2.4",
      "@ngneat/elf-cli-ng",
      "@nguniversal/builders",
      "@npmcli/map-workspaces",
      "@npmcli/node-gyp",
      "@nx/devkit@23.0.1",
      "@nx/key@5.0.8",
      "@nx/nx-darwin-arm64@23.0.1",
      "@nx/nx-darwin-x64@23.0.1",
      "@nx/nx-freebsd-x64@23.0.1",
      "@nx/nx-linux-arm-gnueabihf@23.0.1",
      "@nx/nx-linux-arm64-gnu@23.0.1",
      "@nx/nx-linux-arm64-musl@23.0.1",
      "@nx/nx-linux-x64-gnu@23.0.1",
      "@nx/nx-linux-x64-musl@23.0.1",
      "@nx/nx-win32-arm64-msvc@23.0.1",
      "@nx/nx-win32-x64-msvc@23.0.1",
      "@nx/powerpack-license@5.0.8",
      "@odata2ts/odata2ts",
      "@oh-my-pi/pi-tui",
      "@oh-my-pi/pi-utils",
      "@opentf/cli-pbar",
      "@opentf/cli-styles",
      "@pppp606/ink-chart",
      "@prisma/cli-init",
      "@promptbook/remote-client",
      "@putout/cli-cache",
      "@putout/cli-filesystem",
      "@putout/cli-match",
      "@putout/cli-process-file",
      "@putout/cli-ruler",
      "@quantco/pnpm-licenses",
      "@quasar/app-vite",
      "@quasar/app-webpack",
      "@quasar/babel-preset-app",
      "@quasar/cli",
      "@react-docgen/cli",
      "@releasekit/notes",
      "@robingenz/zli",
      "@rudderhq/cli",
      "@sanity/cli",
      "@sanity/cli-build",
      "@sanity/cli-core",
      "@sanity/cli-test",
      "@sap/appfront-cli",
      "@scalar/cli",
      "@scalar/mock-server",
      "@semantic-release/exec",
      "@sentry/expo-upload-sourcemaps",
      "@sentry/wizard",
      "@serwist/cli",
      "@shikijs/cli",
      "@skeletonlabs/tw-plugin",
      "@skriptfabrik/elements-cli",
      "@slack/cli-hooks",
      "@socketsecurity/socket-patch",
      "@soda-gql/cli",
      "@sourcemeta/jsonschema",
      "@specific.dev/cli",
      "@stacksjs/bumpx",
      "@stacksjs/bunpress",
      "@stacksjs/clapp",
      "@stdlib/assert-has-arraybuffer-support",
      "@stdlib/assert-has-float32array-support",
      "@stdlib/assert-has-float64array-support",
      "@stdlib/assert-has-function-name-support",
      "@stdlib/assert-has-generator-support",
      "@stdlib/assert-has-has-instance-symbol-support",
      "@stdlib/assert-has-int16array-support",
      "@stdlib/assert-has-int32array-support",
      "@stdlib/assert-has-int8array-support",
      "@stdlib/assert-has-iterator-symbol-support",
      "@stdlib/assert-has-node-buffer-support",
      "@stdlib/assert-has-symbol-support",
      "@stdlib/assert-has-to-primitive-symbol-support",
      "@stdlib/assert-has-tostringtag-support",
      "@stdlib/assert-has-uint16array-support",
      "@stdlib/assert-has-uint32array-support",
      "@stdlib/assert-has-uint8array-support",
      "@stdlib/assert-has-uint8clampedarray-support",
      "@stdlib/assert-is-big-endian",
      "@stdlib/assert-is-little-endian",
      "@stdlib/cli",
      "@stdlib/cli-ctor",
      "@stdlib/utils-eval",
      "@storybook/cli",
      "@strapi/cloud-cli",
      "@svgr/cli",
      "@swc-node/register@1.11.1",
      "@swc/cli",
      "@swc/core-android-arm-eabi@1.3.11",
      "@swc/core-android-arm64@1.3.11",
      "@swc/core-darwin-arm64@1.15.43",
      "@swc/core-darwin-x64@1.15.43",
      "@swc/core-freebsd-x64@1.3.11",
      "@swc/core-linux-arm-gnueabihf@1.15.43",
      "@swc/core-linux-arm64-gnu@1.15.43",
      "@swc/core-linux-arm64-musl@1.15.43",
      "@swc/core-linux-ppc64-gnu@1.15.43",
      "@swc/core-linux-s390x-gnu@1.15.43",
      "@swc/core-linux-x64-gnu@1.15.43",
      "@swc/core-linux-x64-musl@1.15.43",
      "@swc/core-win32-arm64-msvc@1.15.43",
      "@swc/core-win32-ia32-msvc@1.15.43",
      "@swc/core-win32-x64-msvc@1.15.43",
      "@tencent-ai/codebuddy-code",
      "@tencent-qqmail/agently-cli",
      "@terrazzo/cli",
      "@terrazzo/parser",
      "@terrazzo/token-tools",
      "@tinybirdco/sdk",
      "@toiroakr/read-multiline",
      "@tokscale/cli",
      "@trufflesuite/chromafi",
      "@trufflesuite/spinnies",
      "@typespec/compiler",
      "@unlighthouse/cli",
      "@usebruno/cli",
      "@vincentkoc/qrcode-tui",
      "@visulima/boxen",
      "@visulima/tabular",
      "@vue/babel-preset-app",
      "@vue/cli",
      "@vue/cli-overlay",
      "@vue/cli-plugin-babel",
      "@vue/cli-plugin-e2e-cypress",
      "@vue/cli-plugin-e2e-nightwatch",
      "@vue/cli-plugin-eslint",
      "@vue/cli-plugin-pwa",
      "@vue/cli-plugin-router",
      "@vue/cli-plugin-typescript",
      "@vue/cli-plugin-unit-jest",
      "@vue/cli-plugin-vuex",
      "@vue/cli-service",
      "@vue/cli-shared-utils",
      "@vuepress/cli",
      "@wagmi/cli",
      "@wdio/cli",
      "@web/dev-server",
      "@web/test-runner",
      "@wkovacs64/add-icon",
      "@xterm/headless",
      "@xterm/xterm",
      "@yeaft/webchat-agent",
      "@yemi33/minions",
      "@zkochan/boxen",
      "@zkochan/js-yaml@0.0.7",
      "adapter-types",
      "add-mcp",
      "adm-zip@0.5.17",
      "agent-install",
      "alex",
      "all-node-versions",
      "ampli",
      "amplify-prompts",
      "angular-cli-ghpages",
      "ansi-256-colors",
      "ansi-align",
      "ansi-bgblack",
      "ansi-bgblue",
      "ansi-bgcyan",
      "ansi-bggreen",
      "ansi-bgmagenta",
      "ansi-bgred",
      "ansi

…(truncated — 581169 chars total, see artifact for full file)

📦 Download full scan artifacts (zip)

@github-actions

Copy link
Copy Markdown

✅ PASS — approve-scripts smoke report

All packages with lifecycle scripts are correctly identified as pending approval.

Package Type Status Top risks
@mongodb-js/zstd@7.0.0 direct ⏳ pending lifecycle script compiles a native binary (.node addon), GYP build has platform-specific conditions - review each branch
@playwright/browser-chromium@1.60.0 direct ⏳ pending downloads a prebuilt binary at install time (supply-chain risk - verify source and integrity)
@playwright/browser-firefox@1.60.0 direct ⏳ pending downloads a prebuilt binary at install time (supply-chain risk - verify source and integrity)
@playwright/browser-webkit@1.60.0 direct ⏳ pending downloads a prebuilt binary at install time (supply-chain risk - verify source and integrity)
better-sqlite3@12.11.1 transitive ⏳ pending lifecycle script compiles a native binary (.node addon), GYP build has platform-specific conditions - review each branch
esbuild@0.28.1 transitive ⏳ pending uses child_process (can spawn external commands), makes network requests, contains dense hex-escape sequences (obfuscation indicator)
kerberos@7.0.0 direct ⏳ pending lifecycle script compiles a native binary (.node addon), GYP build has platform-specific conditions - review each branch
nx@22.7.5 transitive ⏳ pending may write outside the package directory, uses child_process (can spawn external commands), runs npm/yarn/pnpm install as a child process at install time (second-stage install — may pull arbitrary packages with scripts enabled)
puppeteer@24.36.1 direct ⏳ pending downloads a prebuilt binary at install time (supply-chain risk - verify source and integrity), runs npm/yarn/pnpm install as a child process at install time (second-stage install — may pull arbitrary packages with scripts enabled)
sqlite3@6.0.1 direct ⏳ pending lifecycle script compiles a native binary (.node addon), GYP build has platform-specific conditions - review each branch
unrs-resolver@1.12.2 transitive ⏳ pending downloads a prebuilt binary at install time (supply-chain risk - verify source and integrity)
📦 Download full reports (zip)
@github-actions

Copy link
Copy Markdown

✅ SUCCESS — indicator-suggestions deep scan

Command: node scripts/build-indicator-suggestions.js --add 9router --top 100 --deep

Full scan output (stdout + stderr)

📦 npm indicator-suggestions builder
   out:      /home/runner/work/npm-cli/npm-cli/indicator-suggestions.json
   packages: /home/runner/work/npm-cli/npm-cli/indicator-suggestions.packages.json (permanent store)
   resume:   /home/runner/work/npm-cli/npm-cli/indicator-suggestions.tmp.json  (deleted on success)
   deep:     /home/runner/work/npm-cli/npm-cli/indicator-suggestions.deep  (indicator files cached by name@version)
             with: /home/runner/work/npm-cli/npm-cli/lib/utils/indicator-scanner.js

Loading package data...
  (no existing data — fresh run, targeting 100 packages)

  query order: native, javascript, wasm, node, rust, addon, build, android, cli, npm, react-native
Steps 1–3/5: Scanning popular packages for lifecycle scripts...
  (target: 100 more packages with lifecycle scripts)
  (skipping 0 already-scanned names)
  (first run — recorded changes seq 116,678,226; next run will filter)

  + injected candidate: 9router
  + injected candidate: @swc/core
  ? probing alternate form: core
  + injected candidate: core  (alternate form of '@swc/core')
  + injected candidate: @parcel/watcher
  ? probing alternate form: watcher
  + injected candidate: watcher  (alternate form of '@parcel/watcher')
  + injected candidate: @sentry/cli
  ? probing alternate form: cli
  + injected candidate: cli  (alternate form of '@sentry/cli')
  + injected candidate: prisma
  + injected candidate: puppeteer
  + injected candidate: better-sqlite3
  + injected candidate: canvas
  + injected candidate: cypress
  + injected candidate: bcrypt
  + injected candidate: electron
  + injected candidate: lefthook
  + injected candidate: sqlite3
  + injected candidate: ffmpeg-static
  + injected candidate: node-sass
  + injected candidate: @tensorflow/tfjs-node
  ? probing alternate form: tfjs-node
  + injected candidate: tfjs-node  (alternate form of '@tensorflow/tfjs-node')
  + injected candidate: cross-env
  + injected candidate: cross-spawn
  + injected candidate: shelljs
  + injected candidate: gulp
  + injected candidate: gulp-cli
  + injected candidate: grunt
  + injected candidate: grunt-cli
  + injected candidate: jake
  + injected candidate: just-task
  + injected candidate: nps
  + injected candidate: wireit
  + injected candidate: taskr
  + injected candidate: nake
  + injected candidate: esbuild
  + injected candidate: rollup
  + injected candidate: vite
  + injected candidate: webpack
  + injected candidate: parcel
  + injected candidate: tsup
  + injected candidate: unbuild
  + injected candidate: brunch
  + injected candidate: broccoli
  + injected candidate: fuse-box
  + injected candidate: snowpack
  + injected candidate: nx
  + injected candidate: turborepo
  + injected candidate: lerna

Step 3.25/5: Processing 47 candidates...

  Candidates: fetching 47...
    [47/47] checked, 21 new, 0 version updates
    ✓ +21 of 47 candidates (21 in store, 44.7% hit rate)
    checkpoint saved — ready to refill

  query: keywords:native
    fetching offset=0...
    p1 offset=0 fetch=157ms | +250 new names, 0 seen-skips | 250 candidates, 21 in store
    saving checkpoint...
                       
    fetching offset=250...
    p2 offset=250 fetch=185ms | +250 new names, 0 seen-skips | 500 candidates, 21 in store
    saving checkpoint...
                       
  Candidates: fetching 500...
    [50/500] checked, 13 new, 0 version updates
    [100/500] checked, 23 new, 0 version updates
    [150/500] checked, 34 new, 0 version updates
    [200/500] checked, 58 new, 0 version updates
    [250/500] checked, 77 new, 0 version updates
    [300/500] checked, 88 new, 0 version updates
    [350/500] checked, 97 new, 0 version updates
    [400/500] checked, 106 new, 0 version updates
    [450/500] checked, 110 new, 0 version updates
    [500/500] checked, 118 new, 0 version updates
    [500/500] checked, 118 new, 0 version updates
    ✓ +118 of 500 candidates (139 in store, 23.6% hit rate)
    checkpoint saved — ready to refill
  checkpoint: 139 packages, 547 seen — saved

  ✓ search complete: 500 names examined this run (547 unique in seen-set)

Step 3.5/4: Expanding scoped packages with unscoped peers...
  checking 58 bare names...
  58 of 58 peers exist — added to candidates

  Candidates: fetching 58...
    [50/58] checked, 3 new, 0 version updates
    [58/58] checked, 6 new, 0 version updates
    ✓ +6 of 58 candidates (145 in store, 10.3% hit rate)
    checkpoint saved — ready to refill
Step 4/5: Deep scanning packages via unpkg...
  ├─ pass 1 (initial full fetch): all 145 packages...

  DeepFetch (reverify): 145 packages (145 new)...
    scanning 9router@0.5.8...
    scanning @swc/core@1.15.43...
    scanning @parcel/watcher@2.5.6...
    scanning @sentry/cli@3.5.1...
    scanning better-sqlite3@12.11.1...
    scanning canvas@3.2.3...
    scanning cypress@15.18.0...
    scanning puppeteer@25.2.1...
    scanning bcrypt@6.0.0...
    scanning lefthook@2.1.9...
  ↩️  HTTP 302 → https://unpkg.com/@swc/core-android-arm64@1.3.11/package.json
  ↩️  HTTP 302 → https://unpkg.com/@swc/core-android-arm-eabi@1.3.11/package.json
  ↩️  HTTP 302 → https://unpkg.com/@swc/core-freebsd-x64@1.3.11/package.json
      + discovered @swc/core-win32-x64-msvc@1.15.43
      + discovered @swc/core-win32-ia32-msvc@1.15.43
      + discovered @swc/core-win32-arm64-msvc@1.15.43
      + discovered @swc/core-darwin-x64@1.15.43
      + discovered @swc/core-android-arm64@1.3.11
      + discovered @swc/core-android-arm-eabi@1.3.11
      + discovered @swc/core-darwin-arm64@1.15.43
      + discovered @swc/core-linux-x64-musl@1.15.43
      + discovered @swc/core-linux-arm64-musl@1.15.43
      + discovered @swc/core-linux-x64-gnu@1.15.43
      + discovered @swc/core-linux-ppc64-gnu@1.15.43
      + discovered @swc/core-linux-arm64-gnu@1.15.43
      + discovered @swc/core-freebsd-x64@1.3.11
      + discovered @swc/core-linux-arm-gnueabihf@1.15.43
      + discovered @swc/core-linux-s390x-gnu@1.15.43
    scanning sqlite3@6.0.1...
    scanning ffmpeg-static@5.3.0...
  ↩️  HTTP 302 → https://unpkg.com/puppeteer@25.2.1/package.json
    scanning node-sass@9.0.0...
    scanning prisma@7.8.0...
  ↩️  HTTP 302 → https://unpkg.com/lodash@4.18.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/debug@4.4.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/chalk@4.1.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/listr2@9.0.5/package.json
  ↩️  HTTP 302 → https://unpkg.com/common-tags@1.8.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/bluebird@3.7.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/log-symbols@4.1.0/package.json
    scanning @tensorflow/tfjs-node@4.22.0...
  ↩️  HTTP 302 → https://unpkg.com/@cypress/xvfb@1.2.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/arch@2.2.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/ospath@1.2.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/ci-info@4.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/cachedir@2.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/systeminformation@5.31.11/package.json
  ↩️  HTTP 302 → https://unpkg.com/executable@4.1.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/supports-color@8.1.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/is-installed-globally@0.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/untildify@4.0.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/fs-extra@9.1.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/commander@6.2.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/dayjs@1.11.21/package.json
  ↩️  HTTP 302 → https://unpkg.com/@cypress/request@4.0.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/request-progress@3.0.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/yauzl@3.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/pretty-bytes@5.6.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/tmp@0.2.7/package.json
  ↩️  HTTP 302 → https://unpkg.com/cypress@15.18.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/minimist@1.2.8/package.json
  ↩️  HTTP 302 → https://unpkg.com/env-paths@2.2.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/progress@2.0.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/@derhuerst/http-basic@8.2.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/https-proxy-agent@5.0.1/package.json
      + discovered env-paths@2.2.1
      + discovered progress@2.0.3
      + discovered https-proxy-agent@5.0.1
      + discovered @derhuerst/http-basic@8.2.4
    scanning wireit@0.14.13...
      + discovered lodash@4.18.1
      + discovered chalk@4.1.2
      + discovered common-tags@1.8.2
      + discovered debug@4.4.3
      + discovered log-symbols@4.1.0
      + discovered bluebird@3.7.2
      + discovered listr2@9.0.5
      + discovered tree-kill@1.2.2
      + discovered arch@2.2.0
      + discovered ospath@1.2.2
      + discovered hasha@5.2.2
      + discovered @cypress/xvfb@1.2.4
      + discovered execa@4.1.0
      + discovered ci-info@4.4.0
      + discovered systeminformation@5.31.11
      + discovered cachedir@2.4.0
      + discovered fs-extra@9.1.0
      + discovered commander@6.2.1
      + discovered supports-color@8.1.1
      + discovered dayjs@1.11.21
      + discovered is-installed-globally@0.4.0
      + discovered executable@4.1.1
      + discovered cli-table3@0.6.1
      + discovered yauzl@3.4.0
      + discovered untildify@4.0.0
      + discovered @cypress/request@4.0.1
      + discovered tmp@0.2.7
      + discovered proxy-from-env@1.0.0
      + discovered request-progress@3.0.0
      + discovered minimist@1.2.8
      + discovered pretty-bytes@5.6.0
    scanning esbuild@0.28.1...
    scanning rollup@4.62.2...
  ↩️  HTTP 302 → https://unpkg.com/make-fetch-happen@10.2.1/package.json
    scanning webpack@5.108.0...
  ↩️  HTTP 302 → https://unpkg.com/cross-spawn@7.0.6/package.json
    scanning unbuild@3.6.1...
      + discovered cross-spawn@7.0.6
      + discovered make-fetch-happen@10.2.1
    scanning nx@23.0.1...
    scanning has-symbols@1.1.0...
    scanning mkdirp@3.0.1...
  ↩️  HTTP 302 → https://unpkg.com/progress@2.0.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/https-proxy-agent@2.2.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/tar@6.2.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/rimraf@2.7.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/adm-zip@0.5.17/package.json
    scanning async-function@1.0.0...
      + discovered adm-zip@0.5.17
      + discovered https-proxy-agent@2.2.4
      + discovered rimraf@2.7.1
      + discovered tar@6.2.1
    scanning generator-function@2.0.1...
    scanning cross-fetch@4.1.0...
    scanning @react-navigation/native-stack@7.17.6...
  ↩️  HTTP 301 → https://unpkg.com/nx@23.0.1/dist/bin/post-install.js
    scanning react-native-reanimated@4.5.0...
    scanning react-native-worklets@0.10.0...
    scanning async-generator-function@1.0.0...
    scanning @discordjs/opus@0.10.0...
    scanning preview-email@3.1.3...
    scanning node-liblzma@5.0.3...
    scanning react-native-haptic-feedback@3.0.0...
    scanning react-native-image-picker@8.2.1...
    scanning @capacitor/assets@3.0.5...
    scanning zeromq@6.5.0...
    scanning @ladjs/country-language@1.0.3...
    scanning @sentry-internal/node-native-stacktrace@0.5.0...
    scanning array-hyper-unique@2.1.8...
  ↩️  HTTP 301 → https://unpkg.com/nx@23.0.1/dist/src/native/index.js
    scanning @sentry/capacitor@4.1.0...
    scanning @revenuecat/purchases-capacitor@13.2.0...
    scanning ruvector@0.2.32...
    scanning @legendapp/motion@2.5.3...
  ↩️  HTTP 301 → https://unpkg.com/nx@23.0.1/dist/src/project-graph/plugins/index.js
      + discovered cmake-ts@1.0.2
    scanning react-native-fast-crypto@3.0.0...
    scanning @gluestack-ui/overlay@0.1.22...
  ↩️  HTTP 301 → https://unpkg.com/nx@23.0.1/dist/src/executors/run-commands/run-commands.impl.js
  ↩️  HTTP 302 → https://unpkg.com/detect-libc@2.1.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/node-abi@3.92.0/package.json
    scanning bun-pty@0.4.10...
      + discovered detect-libc@2.1.2
      + discovered node-abi@3.92.0
    scanning @gluestack-ui/hooks@0.1.13...
    scanning zstd-napi@0.0.12...
    scanning @gluestack-ui/form-control@0.1.19...
    scanning @gluestack-ui/toast@1.0.9...
    scanning @gluestack-ui/provider@0.1.19...
    scanning @gluestack-ui/checkbox@0.1.39...
    scanning @gluestack-ui/icon@0.1.27...
    [50] processed
    scanning @gluestack-ui/transitions@0.1.11...
    scanning @gluestack-ui/input@0.1.38...
  ↩️  HTTP 302 → https://unpkg.com/nx@23.0.1/package.json
    scanning @gluestack-ui/avatar@0.1.18...
  ↩️  HTTP 302 → https://unpkg.com/packages@0.0.8/package.json
  ↩️  HTTP 302 → https://unpkg.com/typescript@6.0.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/@angular/build@22.0.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/@angular-devkit/build-angular@22.0.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/@swc-node/register@1.11.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/ts-node@10.9.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/@nx/devkit@23.0.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/target@0.0.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/@nx/key@5.0.8/package.json
  ↩️  HTTP 302 → https://unpkg.com/@nx/powerpack-license@5.0.8/package.json
    scanning @gluestack-ui/radio@0.1.40...
      + discovered tslib@2.8.1
      + discovered ora@5.4.1
      + discovered axios@1.16.0
      + discovered jsonc-parser@3.3.1
      + discovered tar-stream@2.2.0
      + discovered picocolors@1.1.1
      + discovered dotenv@16.4.7
      + discovered cli-cursor@3.1.0
      + discovered figures@3.2.0
      + discovered @zkochan/js-yaml@0.0.7
      + discovered @napi-rs/wasm-runtime@0.2.4
      + discovered cli-spinners@2.6.1
      + discovered @nx/nx-win32-arm64-msvc@23.0.1
      + discovered @nx/nx-darwin-x64@23.0.1
      + discovered lines-and-columns@2.0.3
      + discovered @nx/nx-win32-x64-msvc@23.0.1
      + discovered @nx/nx-linux-x64-musl@23.0.1
      + discovered @nx/nx-freebsd-x64@23.0.1
      + discovered @nx/nx-darwin-arm64@23.0.1
      + discovered @nx/nx-linux-x64-gnu@23.0.1
      + discovered @nx/nx-linux-arm64-musl@23.0.1
      + discovered minimatch@10.2.5
      + discovered string-width@4.2.3
      + discovered packages@0.0.8
      + discovered @nx/nx-linux-arm64-gnu@23.0.1
      + discovered cliui@8.0.1
      + discovered typescript@6.0.3
      + discovered resolve.exports@2.0.3
      + discovered @nx/nx-linux-arm-gnueabihf@23.0.1
      + discovered dotenv-expand@12.0.3
      + discovered ts-node@10.9.2
      + discovered @angular-devkit/build-angular@22.0.4
      + discovered @swc-node/register@1.11.1
      + discovered @angular/build@22.0.4
      + discovered flat@5.0.2
      + discovered tsconfig-paths@4.2.0
      + discovered enquirer@2.3.6
      + discovered semver@7.7.4
      + discovered yaml@2.9.0
      + discovered @nx/devkit@23.0.1
      + discovered target@0.0.2
      + discovered ignore@7.0.5
      + discovered npm-run-path@4.0.1
      + discovered yargs-parser@21.1.1
      + discovered @nx/key@5.0.8
      + discovered @nx/powerpack-license@5.0.8
    scanning @gluestack-ui/switch@0.1.29...
    scanning @gluestack-ui/button@1.0.14...
    scanning @gluestack-ui/progress@0.1.18...
    scanning @gluestack-ui/textarea@0.1.25...
    scanning react-native-modalize@2.1.1...
    scanning @gluestack-ui/modal@0.1.41...
    scanning unsafe-pointer@0.2.0...
    scanning @gluestack-ui/menu@0.2.43...
    scanning @gluestack-ui/alert-dialog@0.1.38...
    scanning @gluestack-ui/spinner@0.1.15...
    scanning @gluestack-ui/accordion@1.0.14...
    scanning @gluestack-ui/select@0.1.31...
    scanning @gluestack-ui/actionsheet@0.2.53...
    scanning @gluestack-ui/alert@0.1.16...
    scanning @codetrix-studio/capacitor-google-auth@3.4.0-rc.4...
    scanning native-machine-id@0.3.11...
    scanning @gluestack-ui/pressable@0.1.23...
    scanning @gluestack-ui/popover@0.1.49...
    scanning @gluestack-ui/link@0.1.29...
    scanning @gluestack-ui/image@0.1.17...
    scanning @capacitor/inappbrowser@4.0.0...
    scanning @gluestack-ui/fab@0.1.28...
    scanning react-native-network-logger@3.0.0...
    scanning @gluestack-ui/tooltip@0.1.44...
    scanning @gluestack-ui/slider@0.1.32...
    scanning @gluestack-ui/divider@0.1.10...
    scanning react-native-shadow-2@7.1.2...
    scanning @gluestack-style/animation-resolver@1.0.4...
    scanning @gluestack-style/legend-motion-animation-driver@1.0.3...
    scanning @gluestack-ui/themed@1.1.73...
    scanning @gluestack-ui/nativewind-utils@1.0.28...
    scanning binjumper@0.1.4...
    scanning @gluestack-ui/config@1.1.20...
    scanning @capacitor-community/admob@8.0.0...
    scanning react-native-portalize@1.0.7...
    scanning @unleash/proxy@1.4.19...
    scanning react-native-circular-progress-indicator@4.4.2...
    scanning react-native-monorepo-tools@1.2.1...
    scanning @react-native-assets/slider@11.0.12...
    scanning @capacitor-community/http@1.4.1...
    scanning @capacitor/background-runner@3.0.0...
    scanning react-native-draglist@3.10.0...
    scanning ref-napi@3.0.3...
    scanning react-native-navigation-mode@1.2.9...
    scanning storage-engine@3.0.7...
    scanning expo-native-sheet-emojis@2.1.0...
    [100] processed
    scanning @revenuecat/purchases-capacitor-ui@13.2.0...
    scanning expo-native-emojis-popup@1.1.2...
    scanning @sentry/node-native-stacktrace@0.5.1...
    scanning react-native-restart-newarch@1.0.85...
    scanning nodegit@0.27.0...
    scanning @kreuzberg/node@4.9.9...
    scanning @capacitor-community/camera-preview@8.0.1...
    scanning cf-prefs@2.0.1...
    scanning llama-cpp-capacitor@0.1.5...
    scanning @callstack/react-native-brownfield@3.13.1...
    scanning react-native-markdown-renderer@4.1.1...
    scanning react-native-screenguard@2.0.2...
    scanning @jasonscheirer/native-progress-bar@1.0.7...
    scanning react-native-calendar-strip@2.2.6...
    scanning lru-native2@1.2.6...
  ↩️  HTTP 302 → https://unpkg.com/detect-libc@2.1.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/node-abi@3.92.0/package.json
    scanning capacitor-branch-deep-links@10.0.0...
    scanning electron-click-drag-plugin@2.0.2...
    scanning @samyok/annoy@1.1.0...
    scanning react-native-easy-markdown@2.0.0...
    scanning native-reg@1.1.1...
    scanning @newrelic/newrelic-capacitor-plugin@1.6.7...
    scanning react-native-rate-app@2.0.1...
    scanning native-hdr-histogram@1.0.0...
    scanning react-native-scanbot-sdk@8.0.0...
    scanning @figma/nodegit@0.28.0-figma.9...
    scanning socketcan@4.2.2...
    scanning react-native-pdf-jsi@4.4.2...
    scanning data-fns@1.1.0...
    scanning @d-fischer/cross-fetch@5.0.5...
    scanning node-mac-permissions@2.5.0...
    scanning node-window-manager@2.2.4...
    scanning ref@1.3.5...
    scanning raknet-native@1.2.3...
    scanning zmq@2.15.3...
    scanning rsa-keygen@1.0.6...
    scanning motion@12.42.0...
    scanning modal@0.8.1...
    scanning fab@1.0.0-rc.9...
    scanning node@26.4.0...
    scanning native-progress-bar@1.0.3...
    scanning annoy@4.0.0...
  ↩️  HTTP 301 → https://unpkg.com/node@26.4.0/installArchSpecificPackage.js
  ↩️  HTTP 302 → https://unpkg.com/debug@4.4.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/node-bin-setup@1.1.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/bindings@1.5.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/segfault-handler@1.3.0/package.json
      + discovered node-bin-setup@1.1.4
      + discovered bindings@1.5.0
      + discovered segfault-handler@1.3.0
    ✓ 145 packages processed, 108 new candidates queued
    checkpoint saved

  ├─ draining 108 discovered packages...

  Candidates: fetching 108...
    [50/108] checked, 2 new, 0 version updates
    [100/108] checked, 7 new, 0 version updates
    [108/108] checked, 9 new, 0 version updates
    ✓ +9 of 108 candidates (154 in store, 8.3% hit rate)
    checkpoint saved — ready to refill
  ├─ pass 2 (discovered only): none queued yet...

  DeepFetch (discovery): 154 packages (154 cache invalidated — re-fetching)...
    scanning 9router@0.5.8...
    scanning @swc/core@1.15.43...
    scanning @parcel/watcher@2.5.6...
    scanning @sentry/cli@3.5.1...
    scanning better-sqlite3@12.11.1...
    scanning canvas@3.2.3...
    scanning cypress@15.18.0...
    scanning puppeteer@25.2.1...
    scanning bcrypt@6.0.0...
    scanning lefthook@2.1.9...
  ↩️  HTTP 302 → https://unpkg.com/@swc/core-android-arm64@1.3.11/package.json
  ↩️  HTTP 302 → https://unpkg.com/@swc/core-android-arm-eabi@1.3.11/package.json
  ↩️  HTTP 302 → https://unpkg.com/@swc/core-freebsd-x64@1.3.11/package.json
    scanning sqlite3@6.0.1...
    scanning ffmpeg-static@5.3.0...
    scanning node-sass@9.0.0...
  ↩️  HTTP 302 → https://unpkg.com/@cypress/xvfb@1.2.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/bluebird@3.7.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/common-tags@1.8.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/puppeteer@25.2.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/chalk@4.1.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/debug@4.4.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/arch@2.2.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/lodash@4.18.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/ospath@1.2.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/ci-info@4.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/cachedir@2.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/log-symbols@4.1.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/supports-color@8.1.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/systeminformation@5.31.11/package.json
  ↩️  HTTP 302 → https://unpkg.com/is-installed-globally@0.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/fs-extra@9.1.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/untildify@4.0.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/executable@4.1.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/commander@6.2.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/request-progress@3.0.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/dayjs@1.11.21/package.json
  ↩️  HTTP 302 → https://unpkg.com/@cypress/request@4.0.1/package.json
    scanning prisma@7.8.0...
  ↩️  HTTP 302 → https://unpkg.com/listr2@9.0.5/package.json
  ↩️  HTTP 302 → https://unpkg.com/yauzl@3.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/pretty-bytes@5.6.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/tmp@0.2.7/package.json
  ↩️  HTTP 302 → https://unpkg.com/cypress@15.18.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/minimist@1.2.8/package.json
    scanning @tensorflow/tfjs-node@4.22.0...
    scanning wireit@0.14.13...
  ↩️  HTTP 302 → https://unpkg.com/progress@2.0.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/@derhuerst/http-basic@8.2.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/env-paths@2.2.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/https-proxy-agent@5.0.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/progress@2.0.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/adm-zip@0.5.17/package.json
  ↩️  HTTP 302 → https://unpkg.com/tar@6.2.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/rimraf@2.7.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/https-proxy-agent@2.2.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/make-fetch-happen@10.2.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/cross-spawn@7.0.6/package.json
    scanning esbuild@0.28.1...
    scanning rollup@4.62.2...
    scanning webpack@5.108.0...
    scanning unbuild@3.6.1...
    scanning nx@23.0.1...
    scanning has-symbols@1.1.0...
    scanning mkdirp@3.0.1...
    scanning async-function@1.0.0...
    scanning generator-function@2.0.1...
    scanning cross-fetch@4.1.0...
  ↩️  HTTP 301 → https://unpkg.com/nx@23.0.1/dist/bin/post-install.js
    scanning @react-navigation/native-stack@7.17.6...
    scanning react-native-reanimated@4.5.0...
    scanning react-native-worklets@0.10.0...
    scanning async-generator-function@1.0.0...
    scanning @discordjs/opus@0.10.0...
    scanning preview-email@3.1.3...
    scanning node-liblzma@5.0.3...
    scanning react-native-haptic-feedback@3.0.0...
    scanning react-native-image-picker@8.2.1...
    scanning @capacitor/assets@3.0.5...
  ↩️  HTTP 301 → https://unpkg.com/nx@23.0.1/dist/src/native/index.js
    scanning zeromq@6.5.0...
    scanning @ladjs/country-language@1.0.3...
    scanning @sentry-internal/node-native-stacktrace@0.5.0...
    scanning array-hyper-unique@2.1.8...
    scanning @sentry/capacitor@4.1.0...
    scanning @revenuecat/purchases-capacitor@13.2.0...
  ↩️  HTTP 301 → https://unpkg.com/nx@23.0.1/dist/src/project-graph/plugins/index.js
  ↩️  HTTP 301 → https://unpkg.com/nx@23.0.1/dist/src/executors/run-commands/run-commands.impl.js
  ↩️  HTTP 302 → https://unpkg.com/detect-libc@2.1.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/node-abi@3.92.0/package.json
    scanning ruvector@0.2.32...
    scanning @legendapp/motion@2.5.3...
    scanning react-native-fast-crypto@3.0.0...
    scanning @gluestack-ui/overlay@0.1.22...
  ↩️  HTTP 302 → https://unpkg.com/nx@23.0.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/packages@0.0.8/package.json
  ↩️  HTTP 302 → https://unpkg.com/@angular/build@22.0.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/ts-node@10.9.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/@swc-node/register@1.11.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/@angular-devkit/build-angular@22.0.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/target@0.0.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/typescript@6.0.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/@nx/devkit@23.0.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/@nx/key@5.0.8/package.json
  ↩️  HTTP 302 → https://unpkg.com/@nx/powerpack-license@5.0.8/package.json
    scanning bun-pty@0.4.10...
    scanning @gluestack-ui/hooks@0.1.13...
    scanning zstd-napi@0.0.12...
    scanning @gluestack-ui/form-control@0.1.19...
    scanning @gluestack-ui/toast@1.0.9...
    scanning @gluestack-ui/provider@0.1.19...
    scanning @gluestack-ui/checkbox@0.1.39...
    scanning @gluestack-ui/icon@0.1.27...
    [50] processed
    scanning @gluestack-ui/transitions@0.1.11...
    scanning @gluestack-ui/input@0.1.38...
    scanning @gluestack-ui/avatar@0.1.18...
    scanning @gluestack-ui/radio@0.1.40...
    scanning @gluestack-ui/switch@0.1.29...
    scanning @gluestack-ui/button@1.0.14...
    scanning @gluestack-ui/progress@0.1.18...
    scanning @gluestack-ui/textarea@0.1.25...
    scanning react-native-modalize@2.1.1...
    scanning @gluestack-ui/modal@0.1.41...
    scanning unsafe-pointer@0.2.0...
    scanning @gluestack-ui/menu@0.2.43...
    scanning @gluestack-ui/alert-dialog@0.1.38...
    scanning @gluestack-ui/spinner@0.1.15...
    scanning @gluestack-ui/accordion@1.0.14...
    scanning @gluestack-ui/select@0.1.31...
    scanning @gluestack-ui/actionsheet@0.2.53...
    scanning @gluestack-ui/alert@0.1.16...
    scanning @codetrix-studio/capacitor-google-auth@3.4.0-rc.4...
    scanning native-machine-id@0.3.11...
    scanning @gluestack-ui/pressable@0.1.23...
    scanning @gluestack-ui/popover@0.1.49...
    scanning @gluestack-ui/link@0.1.29...
    scanning @gluestack-ui/image@0.1.17...
    scanning @capacitor/inappbrowser@4.0.0...
    scanning @gluestack-ui/fab@0.1.28...
    scanning react-native-network-logger@3.0.0...
    scanning @gluestack-ui/tooltip@0.1.44...
    scanning @gluestack-ui/slider@0.1.32...
    scanning @gluestack-ui/divider@0.1.10...
    scanning react-native-shadow-2@7.1.2...
    scanning @gluestack-style/animation-resolver@1.0.4...
    scanning @gluestack-style/legend-motion-animation-driver@1.0.3...
    scanning @gluestack-ui/themed@1.1.73...
    scanning @gluestack-ui/nativewind-utils@1.0.28...
    scanning binjumper@0.1.4...
    scanning @gluestack-ui/config@1.1.20...
    scanning @capacitor-community/admob@8.0.0...
    scanning react-native-portalize@1.0.7...
    scanning @unleash/proxy@1.4.19...
    scanning react-native-circular-progress-indicator@4.4.2...
    scanning react-native-monorepo-tools@1.2.1...
    scanning @react-native-assets/slider@11.0.12...
    scanning @capacitor-community/http@1.4.1...
    scanning @capacitor/background-runner@3.0.0...
    scanning react-native-draglist@3.10.0...
    scanning ref-napi@3.0.3...
    scanning react-native-navigation-mode@1.2.9...
    scanning storage-engine@3.0.7...
    [100] processed
    scanning expo-native-sheet-emojis@2.1.0...
    scanning @revenuecat/purchases-capacitor-ui@13.2.0...
    scanning expo-native-emojis-popup@1.1.2...
    scanning @sentry/node-native-stacktrace@0.5.1...
    scanning react-native-restart-newarch@1.0.85...
    scanning nodegit@0.27.0...
    scanning @kreuzberg/node@4.9.9...
    scanning @capacitor-community/camera-preview@8.0.1...
    scanning cf-prefs@2.0.1...
    scanning llama-cpp-capacitor@0.1.5...
    scanning @callstack/react-native-brownfield@3.13.1...
    scanning react-native-markdown-renderer@4.1.1...
    scanning react-native-screenguard@2.0.2...
    scanning @jasonscheirer/native-progress-bar@1.0.7...
  ↩️  HTTP 302 → https://unpkg.com/detect-libc@2.1.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/node-abi@3.92.0/package.json
    scanning react-native-calendar-strip@2.2.6...
    scanning lru-native2@1.2.6...
    scanning capacitor-branch-deep-links@10.0.0...
    scanning electron-click-drag-plugin@2.0.2...
    scanning @samyok/annoy@1.1.0...
    scanning react-native-easy-markdown@2.0.0...
    scanning native-reg@1.1.1...
    scanning @newrelic/newrelic-capacitor-plugin@1.6.7...
    scanning react-native-rate-app@2.0.1...
    scanning native-hdr-histogram@1.0.0...
    scanning react-native-scanbot-sdk@8.0.0...
    scanning @figma/nodegit@0.28.0-figma.9...
    scanning socketcan@4.2.2...
    scanning react-native-pdf-jsi@4.4.2...
    scanning data-fns@1.1.0...
    scanning @d-fischer/cross-fetch@5.0.5...
    scanning node-mac-permissions@2.5.0...
    scanning node-window-manager@2.2.4...
    scanning ref@1.3.5...
    scanning raknet-native@1.2.3...
    scanning zmq@2.15.3...
    scanning rsa-keygen@1.0.6...
    scanning motion@12.42.0...
    scanning modal@0.8.1...
    scanning fab@1.0.0-rc.9...
    scanning node@26.4.0...
    scanning native-progress-bar@1.0.3...
    scanning annoy@4.0.0...
    scanning ci-info@4.4.0...
    scanning minimist@1.2.8...
    scanning axios@1.16.0...
  ↩️  HTTP 301 → https://unpkg.com/node@26.4.0/installArchSpecificPackage.js
    scanning jsonc-parser@3.3.1...
  ↩️  HTTP 302 → https://unpkg.com/debug@4.4.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/bindings@1.5.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/segfault-handler@1.3.0/package.json
    scanning minimatch@10.2.5...
    scanning cliui@8.0.1...
  ↩️  HTTP 302 → https://unpkg.com/node-bin-setup@1.1.4/package.json
    scanning ts-node@10.9.2...
    scanning yargs-parser@21.1.1...
    [150] processed
    scanning segfault-handler@1.3.0...
  ↩️  HTTP 301 → https://unpkg.com/ts-node@10.9.2/register/index.js
    ✓ 154 packages processed, no new candidates
    checkpoint saved

  ├─ reverify: full fetch (154 packages — confirming all deps cached)...

  DeepFetch (reverify): 154 packages (154 cache invalidated — re-fetching)...
    scanning 9router@0.5.8...
    scanning @swc/core@1.15.43...
    scanning @parcel/watcher@2.5.6...
    scanning @sentry/cli@3.5.1...
    scanning better-sqlite3@12.11.1...
    scanning canvas@3.2.3...
    scanning cypress@15.18.0...
    scanning puppeteer@25.2.1...
    scanning bcrypt@6.0.0...
    scanning lefthook@2.1.9...
    scanning sqlite3@6.0.1...
  ↩️  HTTP 302 → https://unpkg.com/@swc/core-android-arm64@1.3.11/package.json
  ↩️  HTTP 302 → https://unpkg.com/@swc/core-android-arm-eabi@1.3.11/package.json
  ↩️  HTTP 302 → https://unpkg.com/@swc/core-freebsd-x64@1.3.11/package.json
    scanning ffmpeg-static@5.3.0...
  ↩️  HTTP 302 → https://unpkg.com/puppeteer@25.2.1/package.json
    scanning node-sass@9.0.0...
  ↩️  HTTP 302 → https://unpkg.com/bluebird@3.7.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/@cypress/xvfb@1.2.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/debug@4.4.3/package.json
    scanning prisma@7.8.0...
  ↩️  HTTP 302 → https://unpkg.com/chalk@4.1.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/common-tags@1.8.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/arch@2.2.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/lodash@4.18.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/ospath@1.2.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/ci-info@4.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/cachedir@2.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/log-symbols@4.1.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/executable@4.1.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/systeminformation@5.31.11/package.json
  ↩️  HTTP 302 → https://unpkg.com/supports-color@8.1.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/fs-extra@9.1.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/is-installed-globally@0.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/untildify@4.0.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/commander@6.2.1/package.json
    scanning @tensorflow/tfjs-node@4.22.0...
  ↩️  HTTP 302 → https://unpkg.com/@cypress/request@4.0.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/listr2@9.0.5/package.json
  ↩️  HTTP 302 → https://unpkg.com/request-progress@3.0.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/dayjs@1.11.21/package.json
  ↩️  HTTP 302 → https://unpkg.com/pretty-bytes@5.6.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/yauzl@3.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/tmp@0.2.7/package.json
  ↩️  HTTP 302 → https://unpkg.com/cypress@15.18.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/minimist@1.2.8/package.json
    scanning wireit@0.14.13...
  ↩️  HTTP 302 → https://unpkg.com/env-paths@2.2.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/@derhuerst/http-basic@8.2.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/progress@2.0.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/https-proxy-agent@5.0.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/progress@2.0.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/https-proxy-agent@2.2.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/rimraf@2.7.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/adm-zip@0.5.17/package.json
  ↩️  HTTP 302 → https://unpkg.com/tar@6.2.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/make-fetch-happen@10.2.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/cross-spawn@7.0.6/package.json
    scanning esbuild@0.28.1...
    scanning rollup@4.62.2...
    scanning webpack@5.108.0...
    scanning unbuild@3.6.1...
    scanning nx@23.0.1...
    scanning has-symbols@1.1.0...
    scanning mkdirp@3.0.1...
    scanning async-function@1.0.0...
    scanning generator-function@2.0.1...
    scanning cross-fetch@4.1.0...
    scanning @react-navigation/native-stack@7.17.6...
  ↩️  HTTP 301 → https://unpkg.com/nx@23.0.1/dist/bin/post-install.js
    scanning react-native-reanimated@4.5.0...
    scanning react-native-worklets@0.10.0...
    scanning async-generator-function@1.0.0...
    scanning @discordjs/opus@0.10.0...
    scanning preview-email@3.1.3...
    scanning node-liblzma@5.0.3...
    scanning react-native-haptic-feedback@3.0.0...
    scanning react-native-image-picker@8.2.1...
  ↩️  HTTP 301 → https://unpkg.com/nx@23.0.1/dist/src/native/index.js
    scanning @capacitor/assets@3.0.5...
    scanning zeromq@6.5.0...
    scanning @ladjs/country-language@1.0.3...
    scanning @sentry-internal/node-native-stacktrace@0.5.0...
    scanning array-hyper-unique@2.1.8...
  ↩️  HTTP 301 → https://unpkg.com/nx@23.0.1/dist/src/project-graph/plugins/index.js
    scanning @sentry/capacitor@4.1.0...
    scanning @revenuecat/purchases-capacitor@13.2.0...
  ↩️  HTTP 301 → https://unpkg.com/nx@23.0.1/dist/src/executors/run-commands/run-commands.impl.js
  ↩️  HTTP 302 → https://unpkg.com/node-abi@3.92.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/detect-libc@2.1.2/package.json
    scanning ruvector@0.2.32...
    scanning @legendapp/motion@2.5.3...
    scanning react-native-fast-crypto@3.0.0...
    scanning @gluestack-ui/overlay@0.1.22...
  ↩️  HTTP 302 → https://unpkg.com/nx@23.0.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/packages@0.0.8/package.json
  ↩️  HTTP 302 → https://unpkg.com/@swc-node/register@1.11.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/@angular/build@22.0.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/ts-node@10.9.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/target@0.0.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/@angular-devkit/build-angular@22.0.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/typescript@6.0.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/@nx/key@5.0.8/package.json
  ↩️  HTTP 302 → https://unpkg.com/@nx/devkit@23.0.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/@nx/powerpack-license@5.0.8/package.json
    scanning bun-pty@0.4.10...
    scanning @gluestack-ui/hooks@0.1.13...
    scanning zstd-napi@0.0.12...
    scanning @gluestack-ui/form-control@0.1.19...
    scanning @gluestack-ui/toast@1.0.9...
    scanning @gluestack-ui/provider@0.1.19...
    scanning @gluestack-ui/checkbox@0.1.39...
    [50] processed
    scanning @gluestack-ui/icon@0.1.27...
    scanning @gluestack-ui/transitions@0.1.11...
    scanning @gluestack-ui/input@0.1.38...
    scanning @gluestack-ui/avatar@0.1.18...
    scanning @gluestack-ui/radio@0.1.40...
    scanning @gluestack-ui/switch@0.1.29...
    scanning @gluestack-ui/button@1.0.14...
    scanning @gluestack-ui/progress@0.1.18...
    scanning @gluestack-ui/textarea@0.1.25...
    scanning react-native-modalize@2.1.1...
    scanning @gluestack-ui/modal@0.1.41...
    scanning unsafe-pointer@0.2.0...
    scanning @gluestack-ui/menu@0.2.43...
    scanning @gluestack-ui/alert-dialog@0.1.38...
    scanning @gluestack-ui/spinner@0.1.15...
    scanning @gluestack-ui/accordion@1.0.14...
    scanning @gluestack-ui/select@0.1.31...
    scanning @gluestack-ui/actionsheet@0.2.53...
    scanning @gluestack-ui/alert@0.1.16...
    scanning @codetrix-studio/capacitor-google-auth@3.4.0-rc.4...
    scanning native-machine-id@0.3.11...
    scanning @gluestack-ui/pressable@0.1.23...
    scanning @gluestack-ui/popover@0.1.49...
    scanning @gluestack-ui/link@0.1.29...
    scanning @gluestack-ui/image@0.1.17...
    scanning @capacitor/inappbrowser@4.0.0...
    scanning @gluestack-ui/fab@0.1.28...
    scanning react-native-network-logger@3.0.0...
    scanning @gluestack-ui/tooltip@0.1.44...
    scanning @gluestack-ui/slider@0.1.32...
    scanning @gluestack-ui/divider@0.1.10...
    scanning react-native-shadow-2@7.1.2...
    scanning @gluestack-style/animation-resolver@1.0.4...
    scanning @gluestack-style/legend-motion-animation-driver@1.0.3...
    scanning @gluestack-ui/themed@1.1.73...
    scanning @gluestack-ui/nativewind-utils@1.0.28...
    scanning binjumper@0.1.4...
    scanning @gluestack-ui/config@1.1.20...
    scanning @capacitor-community/admob@8.0.0...
    scanning react-native-portalize@1.0.7...
    scanning @unleash/proxy@1.4.19...
    scanning react-native-circular-progress-indicator@4.4.2...
    scanning react-native-monorepo-tools@1.2.1...
    scanning @react-native-assets/slider@11.0.12...
    scanning @capacitor-community/http@1.4.1...
    scanning @capacitor/background-runner@3.0.0...
    scanning react-native-draglist@3.10.0...
    scanning ref-napi@3.0.3...
    scanning react-native-navigation-mode@1.2.9...
    scanning storage-engine@3.0.7...
    [100] processed
    scanning expo-native-sheet-emojis@2.1.0...
    scanning @revenuecat/purchases-capacitor-ui@13.2.0...
    scanning expo-native-emojis-popup@1.1.2...
    scanning @sentry/node-native-stacktrace@0.5.1...
    scanning react-native-restart-newarch@1.0.85...
    scanning nodegit@0.27.0...
    scanning @kreuzberg/node@4.9.9...
    scanning @capacitor-community/camera-preview@8.0.1...
    scanning cf-prefs@2.0.1...
    scanning llama-cpp-capacitor@0.1.5...
    scanning @callstack/react-native-brownfield@

…(truncated — 130892 chars total, see artifact for full output)
…*(truncated — full output in artifact)*

📦 Download full scan artifacts (zip)

The 3250-line monolith is replaced by a thin entry point + 8 modules in
scripts/build-indicator/:

  integrity.js     (38 lines)  — SHA-256 hash/wrap/unwrap helpers + seeds
  defang.js       (187 lines)  — file defanging: JS/shell/batch/binary logic
  http.js         (359 lines)  — HTTP layer: circuit-breaker, fetchRaw/Json,
                                 fetchChangedNames, getPackageManifest
  lifecycle.js    (313 lines)  — lifecycle script analysis: extract, diff,
                                 match indicators, infer files, suggest signal
  package-cache.js(161 lines)  — loadPackageCache / savePackageCache
  process-lock.js  (64 lines)  — makeLockHelpers / isPidAlive
  deep-cache.js   (421 lines)  — deep fetch/scan pipeline, version hashes,
                                 hashDirTree, deepFetchPackage, deepAnalyzePackage
  main.js        (1685 lines)  — CLI args, run loop, drain, search, output

build-indicator-suggestions.js is now a 3-line entry:
  require('./build-indicator/main')

No behaviour changes — all logic is identical, only the file layout changed.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@github-actions

Copy link
Copy Markdown

✅ PASS — approve-scripts smoke report

All packages with lifecycle scripts are correctly identified as pending approval.

Package Type Status Top risks
@mongodb-js/zstd@7.0.0 direct ⏳ pending lifecycle script compiles a native binary (.node addon), GYP build has platform-specific conditions - review each branch
@playwright/browser-chromium@1.60.0 direct ⏳ pending downloads a prebuilt binary at install time (supply-chain risk - verify source and integrity)
@playwright/browser-firefox@1.60.0 direct ⏳ pending downloads a prebuilt binary at install time (supply-chain risk - verify source and integrity)
@playwright/browser-webkit@1.60.0 direct ⏳ pending downloads a prebuilt binary at install time (supply-chain risk - verify source and integrity)
better-sqlite3@12.11.1 transitive ⏳ pending lifecycle script compiles a native binary (.node addon), GYP build has platform-specific conditions - review each branch
esbuild@0.28.1 transitive ⏳ pending uses child_process (can spawn external commands), makes network requests, contains dense hex-escape sequences (obfuscation indicator)
kerberos@7.0.0 direct ⏳ pending lifecycle script compiles a native binary (.node addon), GYP build has platform-specific conditions - review each branch
nx@22.7.5 transitive ⏳ pending may write outside the package directory, uses child_process (can spawn external commands), runs npm/yarn/pnpm install as a child process at install time (second-stage install — may pull arbitrary packages with scripts enabled)
puppeteer@24.36.1 direct ⏳ pending downloads a prebuilt binary at install time (supply-chain risk - verify source and integrity), runs npm/yarn/pnpm install as a child process at install time (second-stage install — may pull arbitrary packages with scripts enabled)
sqlite3@6.0.1 direct ⏳ pending lifecycle script compiles a native binary (.node addon), GYP build has platform-specific conditions - review each branch
unrs-resolver@1.12.2 transitive ⏳ pending downloads a prebuilt binary at install time (supply-chain risk - verify source and integrity)
📦 Download full reports (zip)
@github-actions

Copy link
Copy Markdown

✅ PASS — approve-scripts smoke report

All packages with lifecycle scripts are correctly identified as pending approval.

Package Type Status Top risks
@mongodb-js/zstd@7.0.0 direct ⏳ pending lifecycle script compiles a native binary (.node addon), GYP build has platform-specific conditions - review each branch
@playwright/browser-chromium@1.60.0 direct ⏳ pending downloads a prebuilt binary at install time (supply-chain risk - verify source and integrity)
@playwright/browser-firefox@1.60.0 direct ⏳ pending downloads a prebuilt binary at install time (supply-chain risk - verify source and integrity)
@playwright/browser-webkit@1.60.0 direct ⏳ pending downloads a prebuilt binary at install time (supply-chain risk - verify source and integrity)
better-sqlite3@12.11.1 transitive ⏳ pending lifecycle script compiles a native binary (.node addon), GYP build has platform-specific conditions - review each branch
esbuild@0.28.1 transitive ⏳ pending uses child_process (can spawn external commands), makes network requests, contains dense hex-escape sequences (obfuscation indicator)
kerberos@7.0.0 direct ⏳ pending lifecycle script compiles a native binary (.node addon), GYP build has platform-specific conditions - review each branch
nx@22.7.5 transitive ⏳ pending may write outside the package directory, uses child_process (can spawn external commands), runs npm/yarn/pnpm install as a child process at install time (second-stage install — may pull arbitrary packages with scripts enabled)
puppeteer@24.36.1 direct ⏳ pending downloads a prebuilt binary at install time (supply-chain risk - verify source and integrity), runs npm/yarn/pnpm install as a child process at install time (second-stage install — may pull arbitrary packages with scripts enabled)
sqlite3@6.0.1 direct ⏳ pending lifecycle script compiles a native binary (.node addon), GYP build has platform-specific conditions - review each branch
unrs-resolver@1.12.2 transitive ⏳ pending downloads a prebuilt binary at install time (supply-chain risk - verify source and integrity)
📦 Download full reports (zip)
@github-actions

Copy link
Copy Markdown

✅ SUCCESS — indicator-suggestions deep scan

Command: node scripts/build-indicator-suggestions.js --add 9router --top 100 --deep

Full scan output (stdout + stderr)

📦 npm indicator-suggestions builder
   out:      /home/runner/work/npm-cli/npm-cli/indicator-suggestions.json
   packages: /home/runner/work/npm-cli/npm-cli/indicator-suggestions.packages.json (permanent store)
   resume:   /home/runner/work/npm-cli/npm-cli/indicator-suggestions.tmp.json  (deleted on success)
   deep:     /home/runner/work/npm-cli/npm-cli/indicator-suggestions.deep  (indicator files cached by name@version)
             with: /home/runner/work/npm-cli/npm-cli/lib/utils/indicator-scanner.js

Loading package data...
  (no existing data — fresh run, targeting 100 packages)

  query order: node, native, addon, build, javascript, cli, react-native, npm, rust, android, wasm
Steps 1–3/5: Scanning popular packages for lifecycle scripts...
  (target: 100 more packages with lifecycle scripts)
  (skipping 0 already-scanned names)
  (first run — recorded changes seq 116,682,262; next run will filter)

  + injected candidate: 9router
  + injected candidate: @swc/core
  ? probing alternate form: core
  + injected candidate: core  (alternate form of '@swc/core')
  + injected candidate: @parcel/watcher
  ? probing alternate form: watcher
  + injected candidate: watcher  (alternate form of '@parcel/watcher')
  + injected candidate: @sentry/cli
  ? probing alternate form: cli
  + injected candidate: cli  (alternate form of '@sentry/cli')
  + injected candidate: prisma
  + injected candidate: puppeteer
  + injected candidate: better-sqlite3
  + injected candidate: canvas
  + injected candidate: cypress
  + injected candidate: bcrypt
  + injected candidate: electron
  + injected candidate: lefthook
  + injected candidate: sqlite3
  + injected candidate: ffmpeg-static
  + injected candidate: node-sass
  + injected candidate: @tensorflow/tfjs-node
  ? probing alternate form: tfjs-node
  + injected candidate: tfjs-node  (alternate form of '@tensorflow/tfjs-node')
  + injected candidate: cross-env
  + injected candidate: cross-spawn
  + injected candidate: shelljs
  + injected candidate: gulp
  + injected candidate: gulp-cli
  + injected candidate: grunt
  + injected candidate: grunt-cli
  + injected candidate: jake
  + injected candidate: just-task
  + injected candidate: nps
  + injected candidate: wireit
  + injected candidate: taskr
  + injected candidate: nake
  + injected candidate: esbuild
  + injected candidate: rollup
  + injected candidate: vite
  + injected candidate: webpack
  + injected candidate: parcel
  + injected candidate: tsup
  + injected candidate: unbuild
  + injected candidate: brunch
  + injected candidate: broccoli
  + injected candidate: fuse-box
  + injected candidate: snowpack
  + injected candidate: nx
  + injected candidate: turborepo
  + injected candidate: lerna

Step 3.25/5: Processing 47 candidates...

  Candidates: fetching 47...
    [47/47] checked, 21 new, 0 version updates
    ✓ +21 of 47 candidates (21 in store, 44.7% hit rate)
    checkpoint saved — ready to refill

  query: keywords:node
    fetching offset=0...
    p1 offset=0 fetch=289ms | +250 new names, 0 seen-skips | 250 candidates, 21 in store
    saving checkpoint...
                       
    fetching offset=250...
    p2 offset=250 fetch=481ms | +250 new names, 0 seen-skips | 500 candidates, 21 in store
    saving checkpoint...
                       
  Candidates: fetching 500...
    [50/500] checked, 16 new, 0 version updates
    [100/500] checked, 23 new, 0 version updates
    [150/500] checked, 29 new, 0 version updates
    [200/500] checked, 30 new, 0 version updates
    [250/500] checked, 35 new, 0 version updates
    [300/500] checked, 44 new, 0 version updates
    [350/500] checked, 58 new, 0 version updates
    [400/500] checked, 69 new, 0 version updates
    [450/500] checked, 78 new, 0 version updates
    [500/500] checked, 90 new, 0 version updates
    [500/500] checked, 90 new, 0 version updates
    ✓ +90 of 500 candidates (111 in store, 18.0% hit rate)
    checkpoint saved — ready to refill
  checkpoint: 111 packages, 547 seen — saved

  ✓ search complete: 500 names examined this run (547 unique in seen-set)

Step 3.5/4: Expanding scoped packages with unscoped peers...
  checking 32 bare names...
  32 of 32 peers exist — added to candidates

  Candidates: fetching 32...
    [32/32] checked, 2 new, 0 version updates
    ✓ +2 of 32 candidates (113 in store, 6.3% hit rate)
    checkpoint saved — ready to refill
Step 4/5: Deep scanning packages via unpkg...
  ├─ pass 1 (initial full fetch): all 113 packages...

  DeepFetch (reverify): 113 packages (113 new)...
    scanning 9router@0.5.8...
    scanning @swc/core@1.15.43...
    scanning @parcel/watcher@2.5.6...
    scanning @sentry/cli@3.5.1...
    scanning puppeteer@25.2.1...
  ↩️  HTTP 302 → https://unpkg.com/puppeteer@25.2.1/package.json
    scanning better-sqlite3@12.11.1...
    scanning cypress@15.18.0...
    scanning canvas@3.2.3...
    scanning bcrypt@6.0.0...
    scanning lefthook@2.1.9...
    scanning sqlite3@6.0.1...
  ↩️  HTTP 302 → https://unpkg.com/@swc/core-android-arm64@1.3.11/package.json
  ↩️  HTTP 302 → https://unpkg.com/@swc/core-android-arm-eabi@1.3.11/package.json
    scanning node-sass@9.0.0...
  ↩️  HTTP 302 → https://unpkg.com/@swc/core-freebsd-x64@1.3.11/package.json
      + discovered @swc/core-win32-x64-msvc@1.15.43
      + discovered @swc/core-win32-ia32-msvc@1.15.43
      + discovered @swc/core-win32-arm64-msvc@1.15.43
      + discovered @swc/core-darwin-x64@1.15.43
      + discovered @swc/core-darwin-arm64@1.15.43
      + discovered @swc/core-android-arm64@1.3.11
      + discovered @swc/core-android-arm-eabi@1.3.11
      + discovered @swc/core-linux-x64-musl@1.15.43
      + discovered @swc/core-linux-x64-gnu@1.15.43
      + discovered @swc/core-linux-arm64-gnu@1.15.43
      + discovered @swc/core-linux-arm-gnueabihf@1.15.43
      + discovered @swc/core-linux-arm64-musl@1.15.43
      + discovered @swc/core-linux-ppc64-gnu@1.15.43
      + discovered @swc/core-linux-s390x-gnu@1.15.43
      + discovered @swc/core-freebsd-x64@1.3.11
    scanning ffmpeg-static@5.3.0...
    scanning @tensorflow/tfjs-node@4.22.0...
  ↩️  HTTP 302 → https://unpkg.com/bluebird@3.7.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/common-tags@1.8.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/chalk@4.1.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/lodash@4.18.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/debug@4.4.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/arch@2.2.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/ospath@1.2.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/ci-info@4.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/cachedir@2.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/log-symbols@4.1.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/systeminformation@5.31.11/package.json
  ↩️  HTTP 302 → https://unpkg.com/executable@4.1.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/is-installed-globally@0.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/supports-color@8.1.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/fs-extra@9.1.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/untildify@4.0.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/commander@6.2.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/dayjs@1.11.21/package.json
  ↩️  HTTP 302 → https://unpkg.com/listr2@9.0.5/package.json
  ↩️  HTTP 302 → https://unpkg.com/@cypress/request@4.0.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/request-progress@3.0.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/yauzl@3.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/pretty-bytes@5.6.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/cypress@15.18.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/tmp@0.2.7/package.json
  ↩️  HTTP 302 → https://unpkg.com/minimist@1.2.8/package.json
  ↩️  HTTP 302 → https://unpkg.com/env-paths@2.2.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/progress@2.0.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/https-proxy-agent@5.0.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/@derhuerst/http-basic@8.2.4/package.json
    scanning prisma@7.8.0...
      + discovered env-paths@2.2.1
      + discovered progress@2.0.3
      + discovered https-proxy-agent@5.0.1
      + discovered @derhuerst/http-basic@8.2.4
  ↩️  HTTP 302 → https://unpkg.com/https-proxy-agent@2.2.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/progress@2.0.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/make-fetch-happen@10.2.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/@cypress/xvfb@1.2.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/tar@6.2.1/package.json
      + discovered bluebird@3.7.2
      + discovered common-tags@1.8.2
      + discovered chalk@4.1.2
      + discovered lodash@4.18.1
      + discovered debug@4.4.3
      + discovered hasha@5.2.2
      + discovered arch@2.2.0
      + discovered execa@4.1.0
      + discovered ospath@1.2.2
      + discovered ci-info@4.4.0
      + discovered log-symbols@4.1.0
      + discovered cachedir@2.4.0
      + discovered systeminformation@5.31.11
      + discovered executable@4.1.1
      + discovered is-installed-globally@0.4.0
      + discovered supports-color@8.1.1
      + discovered fs-extra@9.1.0
      + discovered cli-table3@0.6.1
      + discovered untildify@4.0.0
      + discovered commander@6.2.1
      + discovered dayjs@1.11.21
      + discovered proxy-from-env@1.0.0
      + discovered listr2@9.0.5
      + discovered @cypress/request@4.0.1
      + discovered request-progress@3.0.0
      + discovered tree-kill@1.2.2
      + discovered yauzl@3.4.0
      + discovered pretty-bytes@5.6.0
      + discovered tmp@0.2.7
      + discovered minimist@1.2.8
      + discovered @cypress/xvfb@1.2.4
  ↩️  HTTP 302 → https://unpkg.com/adm-zip@0.5.17/package.json
  ↩️  HTTP 302 → https://unpkg.com/rimraf@2.7.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/cross-spawn@7.0.6/package.json
      + discovered https-proxy-agent@2.2.4
      + discovered tar@6.2.1
      + discovered adm-zip@0.5.17
      + discovered rimraf@2.7.1
      + discovered make-fetch-happen@10.2.1
      + discovered cross-spawn@7.0.6
    scanning wireit@0.14.13...
    scanning rollup@4.62.2...
    scanning webpack@5.108.0...
    scanning esbuild@0.28.1...
    scanning unbuild@3.6.1...
    scanning nx@23.0.1...
    scanning resolve@1.22.12...
    scanning is-core-module@2.16.2...
    scanning axios@1.18.1...
    scanning unist-util-stringify-position@4.0.0...
    scanning unist-util-is@6.0.1...
  ↩️  HTTP 301 → https://unpkg.com/nx@23.0.1/dist/bin/post-install.js
    scanning unist-util-visit@5.1.0...
    scanning mdast-util-to-string@4.0.0...
    scanning ts-node@10.9.2...
    scanning cross-fetch@4.1.0...
    scanning unist-util-position@5.0.0...
    scanning is-bun-module@2.0.0...
    scanning node-abi@4.31.0...
  ↩️  HTTP 301 → https://unpkg.com/nx@23.0.1/dist/src/native/index.js
    scanning fastest-levenshtein@1.0.16...
  ↩️  HTTP 301 → https://unpkg.com/ts-node@10.9.2/register/index.js
    scanning node-exports-info@2.0.0...
    scanning import-meta-resolve@4.2.0...
    scanning @azure/msal-node@5.3.0...
    scanning mdast-util-definitions@6.0.0...
    scanning estree-util-visit@2.0.0...
  ↩️  HTTP 301 → https://unpkg.com/nx@23.0.1/dist/src/project-graph/plugins/index.js
    scanning unist-util-find-after@5.0.0...
    scanning log4js@6.9.1...
    scanning eslint-plugin-n@18.2.0...
    scanning unist-util-position-from-estree@2.0.0...
  ↩️  HTTP 301 → https://unpkg.com/nx@23.0.1/dist/src/executors/run-commands/run-commands.impl.js
    scanning natural-orderby@5.0.0...
    scanning @openfeature/server-sdk@1.22.0...
    scanning @dual-bundle/import-meta-resolve@4.2.1...
    scanning unist-util-remove@4.0.0...
    scanning unist-util-filter@5.0.1...
    scanning bun@1.3.14...
  ↩️  HTTP 302 → https://unpkg.com/nx@23.0.1/package.json
    scanning @xmldom/is-dom-node@1.0.1...
  ↩️  HTTP 302 → https://unpkg.com/packages@0.0.8/package.json
  ↩️  HTTP 302 → https://unpkg.com/@angular/build@22.0.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/ts-node@10.9.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/typescript@6.0.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/@angular-devkit/build-angular@22.0.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/@swc-node/register@1.11.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/@nx/key@5.0.8/package.json
  ↩️  HTTP 302 → https://unpkg.com/@nx/devkit@23.0.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/target@0.0.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/@nx/powerpack-license@5.0.8/package.json
      + discovered tslib@2.8.1
      + discovered dotenv@16.4.7
      + discovered axios@1.16.0
      + discovered lines-and-columns@2.0.3
      + discovered jsonc-parser@3.3.1
      + discovered @zkochan/js-yaml@0.0.7
      + discovered picocolors@1.1.1
      + discovered figures@3.2.0
      + discovered cli-cursor@3.1.0
      + discovered ora@5.4.1
      + discovered tar-stream@2.2.0
      + discovered cli-spinners@2.6.1
      + discovered @napi-rs/wasm-runtime@0.2.4
      + discovered @nx/nx-win32-x64-msvc@23.0.1
      + discovered @nx/nx-win32-arm64-msvc@23.0.1
      + discovered @nx/nx-darwin-x64@23.0.1
      + discovered @nx/nx-darwin-arm64@23.0.1
      + discovered @nx/nx-freebsd-x64@23.0.1
      + discovered @nx/nx-linux-x64-musl@23.0.1
      + discovered @nx/nx-linux-x64-gnu@23.0.1
      + discovered @nx/nx-linux-arm64-gnu@23.0.1
      + discovered @nx/nx-linux-arm64-musl@23.0.1
      + discovered @nx/nx-linux-arm-gnueabihf@23.0.1
      + discovered minimatch@10.2.5
      + discovered dotenv-expand@12.0.3
      + discovered string-width@4.2.3
      + discovered packages@0.0.8
      + discovered cliui@8.0.1
      + discovered resolve.exports@2.0.3
      + discovered @angular/build@22.0.4
      + discovered typescript@6.0.3
      + discovered tsconfig-paths@4.2.0
      + discovered @angular-devkit/build-angular@22.0.4
      + discovered flat@5.0.2
      + discovered enquirer@2.3.6
      + discovered @swc-node/register@1.11.1
      + discovered ignore@7.0.5
      + discovered yaml@2.9.0
      + discovered semver@7.7.4
      + discovered npm-run-path@4.0.1
      + discovered yargs-parser@21.1.1
      + discovered @nx/key@5.0.8
      + discovered @nx/devkit@23.0.1
      + discovered target@0.0.2
      + discovered @nx/powerpack-license@5.0.8
    scanning unist-util-find-all-after@5.0.0...
    scanning @azure/arm-resources@7.0.0...
    scanning mdast-util-compact@5.0.0...
    scanning node-liblzma@5.0.3...
    [50] processed
    scanning openapi-typescript-codegen@0.31.0...
    scanning unist-util-select@5.1.0...
    scanning unist-util-map@4.0.0...
    scanning @azure/arm-authorization@9.0.0...
    scanning customerio-node@5.0.1...
    scanning popsicle@12.1.2...
    scanning @ladjs/country-language@1.0.3...
    scanning iso-url@1.2.1...
    scanning @azure/arm-containerinstance@9.1.0...
    scanning @azure/arm-monitor@7.0.0...
    scanning mdast-util-heading-style@3.0.0...
    scanning @azure/arm-sql@10.0.0...
    scanning @azure/arm-mysql@5.1.0...
    scanning @azure/arm-databricks@3.0.0...
    scanning @azure/arm-mysql-flexible@3.1.0...
    scanning @azure/arm-mariadb@2.1.0...
    scanning fetch-to-node@2.1.0...
    scanning @azure/arm-postgresql@6.1.0...
    scanning @azure/msal-node-extensions@5.3.0...
    scanning @azure/arm-synapse@8.0.0...
    scanning @azure/arm-sqlvirtualmachine@4.1.1...
    scanning saml2-js@4.0.4...
    scanning universal-base64@2.1.0...
    scanning ibm_db@4.0.1...
    scanning @azure/arm-managementgroups@2.0.2...
    scanning @azure/arm-features@3.1.0...
    scanning unist-util-find@3.0.0...
    scanning @azure/arm-privatedns@3.3.0...
    scanning unique-username-generator@1.5.1...
    scanning @isaacs/ts-node-temp-fork-for-pr-2009@10.9.7...
    scanning @op-engineering/op-sqlite@17.0.0...
    scanning @azure/arm-rediscache@8.2.0...
    scanning @azure/arm-locks@2.1.0...
  ↩️  HTTP 302 → https://unpkg.com/axios@1.18.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/adm-zip@0.5.17/package.json
  ↩️  HTTP 302 → https://unpkg.com/targz@1.0.1/package.json
      + discovered targz@1.0.1
    scanning whatsapp-web.js@1.34.7...
    scanning @azure/arm-search@3.3.0...
    scanning ts-sinon@2.0.2...
    scanning mermaid-isomorphic@3.1.0...
    scanning winston-transport-sentry-node@3.0.0...
    scanning @vscode/spdlog@0.15.8...
    scanning @azure/arm-security@5.0.0...
    scanning shift-ast@7.0.0...
    scanning @azure/arm-resources-subscriptions@2.1.0...
    scanning zstd.ts@1.1.3...
    scanning meteor-node-stubs@1.2.27...
    scanning @azure/arm-appinsights@4.0.0...
    scanning eslint-config-node@4.1.0...
    scanning @pact-foundation/pact-node@10.18.0...
    scanning @stacksjs/clarity@0.3.28...
    scanning openapi-typescript-fetch@2.2.1...
    scanning ts-node-maintained@10.9.6...
    [100] processed
    scanning lambda-log@3.1.0...
  ↩️  HTTP 302 → https://unpkg.com/rimraf@5.0.10/package.json
  ↩️  HTTP 302 → https://unpkg.com/http-browserify@1.7.0/package.json
      + discovered rimraf@5.0.10
      + discovered http-browserify@1.7.0
    scanning unist-util-find-all-before@5.0.0...
  ↩️  HTTP 301 → https://unpkg.com/ts-node-maintained@10.9.6/register/index.js
    scanning @woocommerce/woocommerce-rest-api@1.0.2...
    scanning @pedrouid/environment@1.0.1...
    scanning esm-wallaby@3.2.35...
    scanning etcd3@1.1.2...
    scanning v8-profiler-next@1.10.0...
    scanning spdlog@0.13.7...
    scanning pact-node@1.3.8...
    ✓ 113 packages processed, 104 new candidates queued
    checkpoint saved

  ├─ draining 104 discovered packages...

  Candidates: fetching 104...
    [50/104] checked, 2 new, 0 version updates
    [100/104] checked, 6 new, 0 version updates
    [104/104] checked, 7 new, 0 version updates
    ✓ +7 of 104 candidates (120 in store, 6.7% hit rate)
    checkpoint saved — ready to refill
  ├─ pass 2 (discovered only): none queued yet...

  DeepFetch (discovery): 120 packages (120 cache invalidated — re-fetching)...
    scanning 9router@0.5.8...
    scanning @swc/core@1.15.43...
    scanning @parcel/watcher@2.5.6...
  ↩️  HTTP 302 → https://unpkg.com/@swc/core-android-arm-eabi@1.3.11/package.json
  ↩️  HTTP 302 → https://unpkg.com/@swc/core-android-arm64@1.3.11/package.json
  ↩️  HTTP 302 → https://unpkg.com/@swc/core-freebsd-x64@1.3.11/package.json
    scanning @sentry/cli@3.5.1...
    scanning puppeteer@25.2.1...
    scanning better-sqlite3@12.11.1...
    scanning cypress@15.18.0...
  ↩️  HTTP 302 → https://unpkg.com/@cypress/xvfb@1.2.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/puppeteer@25.2.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/bluebird@3.7.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/common-tags@1.8.2/package.json
    scanning canvas@3.2.3...
  ↩️  HTTP 302 → https://unpkg.com/chalk@4.1.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/debug@4.4.3/package.json
    scanning bcrypt@6.0.0...
  ↩️  HTTP 302 → https://unpkg.com/lodash@4.18.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/arch@2.2.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/ospath@1.2.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/ci-info@4.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/executable@4.1.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/log-symbols@4.1.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/cachedir@2.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/supports-color@8.1.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/fs-extra@9.1.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/is-installed-globally@0.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/untildify@4.0.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/commander@6.2.1/package.json
    scanning lefthook@2.1.9...
    scanning sqlite3@6.0.1...
  ↩️  HTTP 302 → https://unpkg.com/dayjs@1.11.21/package.json
    scanning node-sass@9.0.0...
  ↩️  HTTP 302 → https://unpkg.com/@cypress/request@4.0.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/listr2@9.0.5/package.json
  ↩️  HTTP 302 → https://unpkg.com/request-progress@3.0.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/systeminformation@5.31.11/package.json
  ↩️  HTTP 302 → https://unpkg.com/yauzl@3.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/pretty-bytes@5.6.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/minimist@1.2.8/package.json
  ↩️  HTTP 302 → https://unpkg.com/tmp@0.2.7/package.json
  ↩️  HTTP 302 → https://unpkg.com/cypress@15.18.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/cross-spawn@7.0.6/package.json
  ↩️  HTTP 302 → https://unpkg.com/make-fetch-happen@10.2.1/package.json
    scanning ffmpeg-static@5.3.0...
    scanning @tensorflow/tfjs-node@4.22.0...
  ↩️  HTTP 302 → https://unpkg.com/https-proxy-agent@5.0.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/progress@2.0.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/https-proxy-agent@2.2.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/@derhuerst/http-basic@8.2.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/env-paths@2.2.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/progress@2.0.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/adm-zip@0.5.17/package.json
  ↩️  HTTP 302 → https://unpkg.com/rimraf@2.7.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/tar@6.2.1/package.json
    scanning prisma@7.8.0...
    scanning wireit@0.14.13...
    scanning rollup@4.62.2...
    scanning webpack@5.108.0...
    scanning esbuild@0.28.1...
    scanning unbuild@3.6.1...
    scanning nx@23.0.1...
    scanning resolve@1.22.12...
    scanning is-core-module@2.16.2...
    scanning axios@1.18.1...
    scanning unist-util-stringify-position@4.0.0...
    scanning unist-util-is@6.0.1...
    scanning unist-util-visit@5.1.0...
    scanning mdast-util-to-string@4.0.0...
  ↩️  HTTP 302 → https://unpkg.com/packages@0.0.8/package.json
  ↩️  HTTP 302 → https://unpkg.com/nx@23.0.1/package.json
    scanning ts-node@10.9.2...
  ↩️  HTTP 302 → https://unpkg.com/@angular/build@22.0.4/package.json
    scanning cross-fetch@4.1.0...
  ↩️  HTTP 302 → https://unpkg.com/@swc-node/register@1.11.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/@angular-devkit/build-angular@22.0.4/package.json
    scanning unist-util-position@5.0.0...
  ↩️  HTTP 302 → https://unpkg.com/ts-node@10.9.2/package.json
    scanning is-bun-module@2.0.0...
  ↩️  HTTP 302 → https://unpkg.com/target@0.0.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/@nx/devkit@23.0.1/package.json
    scanning node-abi@4.31.0...
  ↩️  HTTP 302 → https://unpkg.com/@nx/key@5.0.8/package.json
  ↩️  HTTP 302 → https://unpkg.com/@nx/powerpack-license@5.0.8/package.json
    scanning fastest-levenshtein@1.0.16...
  ↩️  HTTP 302 → https://unpkg.com/typescript@6.0.3/package.json
    scanning node-exports-info@2.0.0...
    scanning import-meta-resolve@4.2.0...
    scanning @azure/msal-node@5.3.0...
    scanning mdast-util-definitions@6.0.0...
    scanning estree-util-visit@2.0.0...
    scanning unist-util-find-after@5.0.0...
    scanning log4js@6.9.1...
    scanning eslint-plugin-n@18.2.0...
    scanning unist-util-position-from-estree@2.0.0...
    scanning natural-orderby@5.0.0...
    scanning @openfeature/server-sdk@1.22.0...
    scanning @dual-bundle/import-meta-resolve@4.2.1...
    scanning unist-util-remove@4.0.0...
    scanning unist-util-filter@5.0.1...
    scanning bun@1.3.14...
    scanning @xmldom/is-dom-node@1.0.1...
    [50] processed
    scanning unist-util-find-all-after@5.0.0...
    scanning @azure/arm-resources@7.0.0...
    scanning mdast-util-compact@5.0.0...
    scanning node-liblzma@5.0.3...
    scanning openapi-typescript-codegen@0.31.0...
    scanning unist-util-select@5.1.0...
    scanning unist-util-map@4.0.0...
    scanning @azure/arm-authorization@9.0.0...
    scanning customerio-node@5.0.1...
    scanning popsicle@12.1.2...
    scanning @ladjs/country-language@1.0.3...
    scanning iso-url@1.2.1...
    scanning @azure/arm-containerinstance@9.1.0...
    scanning @azure/arm-monitor@7.0.0...
    scanning mdast-util-heading-style@3.0.0...
    scanning @azure/arm-sql@10.0.0...
    scanning @azure/arm-mysql@5.1.0...
    scanning @azure/arm-databricks@3.0.0...
    scanning @azure/arm-mysql-flexible@3.1.0...
    scanning @azure/arm-mariadb@2.1.0...
    scanning fetch-to-node@2.1.0...
    scanning @azure/arm-postgresql@6.1.0...
    scanning @azure/msal-node-extensions@5.3.0...
    scanning @azure/arm-synapse@8.0.0...
    scanning @azure/arm-sqlvirtualmachine@4.1.1...
    scanning saml2-js@4.0.4...
    scanning universal-base64@2.1.0...
    scanning ibm_db@4.0.1...
  ↩️  HTTP 302 → https://unpkg.com/targz@1.0.1/package.json
    scanning @azure/arm-managementgroups@2.0.2...
  ↩️  HTTP 302 → https://unpkg.com/adm-zip@0.5.17/package.json
  ↩️  HTTP 302 → https://unpkg.com/axios@1.18.1/package.json
    scanning @azure/arm-features@3.1.0...
    scanning unist-util-find@3.0.0...
    scanning @azure/arm-privatedns@3.3.0...
    scanning unique-username-generator@1.5.1...
    scanning @isaacs/ts-node-temp-fork-for-pr-2009@10.9.7...
    scanning @op-engineering/op-sqlite@17.0.0...
    scanning @azure/arm-rediscache@8.2.0...
    scanning @azure/arm-locks@2.1.0...
    scanning whatsapp-web.js@1.34.7...
    scanning @azure/arm-search@3.3.0...
    scanning ts-sinon@2.0.2...
    scanning mermaid-isomorphic@3.1.0...
    scanning winston-transport-sentry-node@3.0.0...
    scanning @vscode/spdlog@0.15.8...
    scanning @azure/arm-security@5.0.0...
    scanning shift-ast@7.0.0...
    scanning @azure/arm-resources-subscriptions@2.1.0...
    scanning zstd.ts@1.1.3...
    scanning meteor-node-stubs@1.2.27...
  ↩️  HTTP 302 → https://unpkg.com/rimraf@5.0.10/package.json
  ↩️  HTTP 302 → https://unpkg.com/http-browserify@1.7.0/package.json
    scanning @azure/arm-appinsights@4.0.0...
    scanning eslint-config-node@4.1.0...
    [100] processed
    scanning @pact-foundation/pact-node@10.18.0...
    scanning @stacksjs/clarity@0.3.28...
    scanning openapi-typescript-fetch@2.2.1...
    scanning ts-node-maintained@10.9.6...
    scanning lambda-log@3.1.0...
    scanning unist-util-find-all-before@5.0.0...
    scanning @woocommerce/woocommerce-rest-api@1.0.2...
    scanning @pedrouid/environment@1.0.1...
    scanning esm-wallaby@3.2.35...
    scanning etcd3@1.1.2...
    scanning v8-profiler-next@1.10.0...
    scanning spdlog@0.13.7...
    scanning pact-node@1.3.8...
    scanning ci-info@4.4.0...
    scanning minimist@1.2.8...
    scanning jsonc-parser@3.3.1...
    scanning minimatch@10.2.5...
    scanning cliui@8.0.1...
    scanning yargs-parser@21.1.1...
    scanning rimraf@5.0.10...
    ✓ 120 packages processed, no new candidates
    checkpoint saved

  ├─ reverify: full fetch (120 packages — confirming all deps cached)...

  DeepFetch (reverify): 120 packages (120 cache invalidated — re-fetching)...
    scanning 9router@0.5.8...
    scanning @swc/core@1.15.43...
    scanning @parcel/watcher@2.5.6...
  ↩️  HTTP 302 → https://unpkg.com/@swc/core-android-arm-eabi@1.3.11/package.json
  ↩️  HTTP 302 → https://unpkg.com/@swc/core-android-arm64@1.3.11/package.json
  ↩️  HTTP 302 → https://unpkg.com/@swc/core-freebsd-x64@1.3.11/package.json
    scanning @sentry/cli@3.5.1...
    scanning puppeteer@25.2.1...
  ↩️  HTTP 302 → https://unpkg.com/puppeteer@25.2.1/package.json
    scanning better-sqlite3@12.11.1...
    scanning cypress@15.18.0...
  ↩️  HTTP 302 → https://unpkg.com/@cypress/xvfb@1.2.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/bluebird@3.7.2/package.json
    scanning canvas@3.2.3...
  ↩️  HTTP 302 → https://unpkg.com/lodash@4.18.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/debug@4.4.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/chalk@4.1.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/common-tags@1.8.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/arch@2.2.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/ospath@1.2.2/package.json
    scanning bcrypt@6.0.0...
  ↩️  HTTP 302 → https://unpkg.com/ci-info@4.4.0/package.json
    scanning lefthook@2.1.9...
  ↩️  HTTP 302 → https://unpkg.com/log-symbols@4.1.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/cachedir@2.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/executable@4.1.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/systeminformation@5.31.11/package.json
  ↩️  HTTP 302 → https://unpkg.com/supports-color@8.1.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/is-installed-globally@0.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/fs-extra@9.1.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/untildify@4.0.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/commander@6.2.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/dayjs@1.11.21/package.json
  ↩️  HTTP 302 → https://unpkg.com/listr2@9.0.5/package.json
    scanning sqlite3@6.0.1...
  ↩️  HTTP 302 → https://unpkg.com/request-progress@3.0.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/@cypress/request@4.0.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/yauzl@3.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/pretty-bytes@5.6.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/tmp@0.2.7/package.json
    scanning node-sass@9.0.0...
  ↩️  HTTP 302 → https://unpkg.com/minimist@1.2.8/package.json
  ↩️  HTTP 302 → https://unpkg.com/cypress@15.18.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/cross-spawn@7.0.6/package.json
  ↩️  HTTP 302 → https://unpkg.com/make-fetch-happen@10.2.1/package.json
    scanning ffmpeg-static@5.3.0...
  ↩️  HTTP 302 → https://unpkg.com/@derhuerst/http-basic@8.2.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/progress@2.0.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/https-proxy-agent@5.0.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/env-paths@2.2.1/package.json
    scanning @tensorflow/tfjs-node@4.22.0...
  ↩️  HTTP 302 → https://unpkg.com/https-proxy-agent@2.2.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/tar@6.2.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/adm-zip@0.5.17/package.json
  ↩️  HTTP 302 → https://unpkg.com/progress@2.0.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/rimraf@2.7.1/package.json
    scanning prisma@7.8.0...
    scanning wireit@0.14.13...
    scanning rollup@4.62.2...
    scanning webpack@5.108.0...
    scanning esbuild@0.28.1...
    scanning unbuild@3.6.1...
    scanning nx@23.0.1...
    scanning resolve@1.22.12...
    scanning is-core-module@2.16.2...
    scanning axios@1.18.1...
    scanning unist-util-stringify-position@4.0.0...
    scanning unist-util-is@6.0.1...
    scanning unist-util-visit@5.1.0...
  ↩️  HTTP 302 → https://unpkg.com/nx@23.0.1/package.json
    scanning mdast-util-to-string@4.0.0...
  ↩️  HTTP 302 → https://unpkg.com/packages@0.0.8/package.json
    scanning ts-node@10.9.2...
    scanning cross-fetch@4.1.0...
    scanning unist-util-position@5.0.0...
  ↩️  HTTP 302 → https://unpkg.com/@angular/build@22.0.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/@swc-node/register@1.11.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/@angular-devkit/build-angular@22.0.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/ts-node@10.9.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/target@0.0.2/package.json
    scanning is-bun-module@2.0.0...
  ↩️  HTTP 302 → https://unpkg.com/@nx/key@5.0.8/package.json
  ↩️  HTTP 302 → https://unpkg.com/@nx/powerpack-license@5.0.8/package.json
  ↩️  HTTP 302 → https://unpkg.com/@nx/devkit@23.0.1/package.json
    scanning node-abi@4.31.0...
    scanning fastest-levenshtein@1.0.16...
  ↩️  HTTP 302 → https://unpkg.com/typescript@6.0.3/package.json
    scanning node-exports-info@2.0.0...
    scanning import-meta-resolve@4.2.0...
    scanning @azure/msal-node@5.3.0...
    scanning mdast-util-definitions@6.0.0...
    scanning estree-util-visit@2.0.0...
    scanning unist-util-find-after@5.0.0...
    scanning log4js@6.9.1...
    scanning eslint-plugin-n@18.2.0...
    scanning unist-util-position-from-estree@2.0.0...
    scanning natural-orderby@5.0.0...
    scanning @openfeature/server-sdk@1.22.0...
    scanning @dual-bundle/import-meta-resolve@4.2.1...
    scanning unist-util-remove@4.0.0...
    scanning unist-util-filter@5.0.1...
    scanning bun@1.3.14...
    scanning @xmldom/is-dom-node@1.0.1...
    [50] processed
    scanning unist-util-find-all-after@5.0.0...
    scanning @azure/arm-resources@7.0.0...
    scanning mdast-util-compact@5.0.0...
    scanning node-liblzma@5.0.3...
    scanning openapi-typescript-codegen@0.31.0...
    scanning unist-util-select@5.1.0...
    scanning unist-util-map@4.0.0...
    scanning @azure/arm-authorization@9.0.0...
    scanning customerio-node@5.0.1...
    scanning popsicle@12.1.2...
    scanning @ladjs/country-language@1.0.3...
    scanning iso-url@1.2.1...
    scanning @azure/arm-containerinstance@9.1.0...
    scanning @azure/arm-monitor@7.0.0...
    scanning mdast-util-heading-style@3.0.0...
    scanning @azure/arm-sql@10.0.0...
    scanning @azure/arm-mysql@5.1.0...
    scanning @azure/arm-databricks@3.0.0...
    scanning @azure/arm-mysql-flexible@3.1.0...
    scanning @azure/arm-mariadb@2.1.0...
    scanning fetch-to-node@2.1.0...
    scanning @azure/arm-postgresql@6.1.0...
    scanning @azure/msal-node-extensions@5.3.0...
    scanning @azure/arm-synapse@8.0.0...
    scanning @azure/arm-sqlvirtualmachine@4.1.1...
    scanning saml2-js@4.0.4...
    scanning universal-base64@2.1.0...
    scanning ibm_db@4.0.1...
  ↩️  HTTP 302 → https://unpkg.com/targz@1.0.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/adm-zip@0.5.17/package.json
    scanning @azure/arm-managementgroups@2.0.2...
  ↩️  HTTP 302 → https://unpkg.com/axios@1.18.1/package.json
    scanning @azure/arm-features@3.1.0...
    scanning unist-util-find@3.0.0...
    scanning @azure/arm-privatedns@3.3.0...
    scanning unique-username-generator@1.5.1...
    scanning @isaacs/ts-node-temp-fork-for-pr-2009@10.9.7...
    scanning @op-engineering/op-sqlite@17.0.0...
    scanning @azure/arm-rediscache@8.2.0...
    scanning @azure/arm-locks@2.1.0...
    scanning whatsapp-web.js@1.34.7...
    scanning @azure/arm-search@3.3.0...
    scanning ts-sinon@2.0.2...
    scanning mermaid-isomorphic@3.1.0...
    scanning winston-transport-sentry-node@3.0.0...
    scanning @vscode/spdlog@0.15.8...
    scanning @azure/arm-security@5.0.0...
    scanning shift-ast@7.0.0...
    scanning @azure/arm-resources-subscriptions@2.1.0...
    scanning zstd.ts@1.1.3...
    scanning meteor-node-stubs@1.2.27...
  ↩️  HTTP 302 → https://unpkg.com/rimraf@5.0.10/package.json
  ↩️  HTTP 302 → https://unpkg.com/http-browserify@1.7.0/package.json
    scanning @azure/arm-appinsights@4.0.0...
    scanning eslint-config-node@4.1.0...
    [100] processed
    scanning @pact-foundation/pact-node@10.18.0...
    scanning @stacksjs/clarity@0.3.28...
    scanning openapi-typescript-fetch@2.2.1...
    scanning ts-node-maintained@10.9.6...
    scanning lambda-log@3.1.0...
    scanning unist-util-find-all-before@5.0.0...
    scanning @woocommerce/woocommerce-rest-api@1.0.2...
    scanning @pedrouid/environment@1.0.1...
    scanning esm-wallaby@3.2.35...
    scanning etcd3@1.1.2...
    scanning v8-profiler-next@1.10.0...
    scanning spdlog@0.13.7...
    scanning pact-node@1.3.8...
    scanning ci-info@4.4.0...
    scanning minimist@1.2.8...
    scanning jsonc-parser@3.3.1...
    scanning minimatch@10.2.5...
    scanning cliui@8.0.1...
    scanning yargs-parser@21.1.1...
    scanning rimraf@5.0.10...
    ✓ 120 packages processed, no new candidates
    checkpoint saved

  └─ scanning indicators...

  DeepScan: checking 120 packages against 30 indicators...
    checking 9router@0.5.8...
      [deepScan] 9router: scanning JS files...
      [deepScan] 9router: JS scan done (4 refs) — detecting clues...
      [deepScan] 9router: checking 9router@0.5.8 against 30 indicators...
      [deepScan] 9router: 2 clue(s) found — investigating...
      [deepScan] 9router: investigating bundled-binary-installer...
      [deepScan] 9router: bundled-binary-installer done
      [deepScan] 9router: investigating runtime-installer...
      [deepScan] 9router: runtime-installer done
    9router@0.5.8 — 2 indicator(s)
      ✓ bundled-binary-installer — Bundled binary activator [activates-bundled-binary]
      ✓ runtime-installer — Runtime package installer [runtime-installer]
    checking @swc/core@1.15.43...
      [deepScan] @swc/core: scanning JS files...
    checking @parcel/watcher@2.5.6...
      [deepScan] @swc/core: JS scan done (2 refs) — detecting clues...
      [deepScan] @swc/core: checking @swc/core@1.15.43 against 30 indicators...
      [deepScan] @parcel/watcher: scanning JS files...
      [deepScan] @swc/core: 5 clue(s) found — investigating...
      [deepScan] @swc/core: investigating Cargo.toml...
      [deepScan] @swc/core: Cargo.toml done
      [deepScan] @swc/core: investigating binary-downloader...
      [deepScan] @swc/core: binary-downloader done
      [deepScan] @swc/core: investigating runtime-installer...
      [deepScan] @swc/core: runtime-installer done
      [deepScan] @swc/core: investigating source-downloader...
      [deepScan] @swc/core: source-downloader done
      [deepScan] @swc/core: investigating dynamic-require-loader...
      [deepScan] @swc/core: dynamic-require-loader done
      [deepScan] @parcel/watcher: JS scan done (1 refs) — detecting clues...
      [deepScan] @parcel/watcher: checking @parcel/watcher@2.5.6 against 30 indicators...
    @swc/core@1.15.43 — 5 indicator(s)
      ✓ Cargo.toml — Rust build descriptor [native-build, rust-native]
      ✓ binary-downloader — Prebuilt binary downloader [binary-download]
      ✓ runtime-installer — Runtime package installer [runtime-installer]
      ✓ source-downloader — Lifecycle script URL fetch [external-url]
      ✓ dynamic-require-loader — Dynamic-require loader [dynamic-require]
      [deepScan] @parcel/watcher: 1 clue(s) found — investigating...
      [deepScan] @parcel/watcher: investigating binding.gyp...
      [deepScan] @parcel/watcher: binding.gyp done
    @parcel/watcher@2.5.6 — 1 indicator(s)
      ✓ binding.gyp — GYP build descriptor [native-build, gyp-conditions]
    checking @sentry/cli@3.5.1...
      [deepScan] @sentry/cli: scanning JS files...
      [deepScan] @sentry/cli: JS scan done (4 refs) — detecting clues...
      [deepScan] @sentry/cli: checking @sentry/cli@3.5.1 against 30 indicators...
      [deepScan] @sentry/cli: 2 clue(s) found — investigating...
      [deepScan] @sentry/cli: investigating binary-downloader...
      [deepScan] @sentry/cli: binary-downloader done
      [deepScan] @sentry/cli: investigating source-downloader...
      [deepScan] @sentry/cli: source-downloader done
    @sentry/cli@3.5.1 — 2 indicator(s)
      ✓ binary-downloader — Prebuilt binary downloader [binary-download]
      ✓ source-downloader — Lifecycle script URL fetch [external-url]
    checking puppeteer@25.2.1...
    checking better-sqlite3@12.11.1...
      [deepScan] puppeteer: scanning JS files...
      [deepScan] better-sqlite3: scanning JS files...
      [deepScan] better-sqlite3: JS scan done (1 refs) — detecting clues...
      [deepScan] better-sqlite3: checking better-sqlite3@12.11.1 against 30 indicators...
      [deepScan] better-sqlite3: 1 clue(s) found — investigating...
      [deepScan] better-sqlite3: investigating binding.gyp...
      [deepScan] better-sqlite3: binding.gyp done
      [deepScan] puppeteer: JS scan done (1 refs) — detecting clues...
      [deepScan] puppeteer: checking puppeteer@25.2.1 against 30 indicators...
      [deepScan] puppeteer: 3 clue(s) found — investigating...
      [deepScan] puppeteer: investigating binary-downloader...
      [deepScan] puppeteer: binary-downloader done
      [deepScan] puppeteer: investigating runtime-installer...
      [deepScan] puppeteer: runtime-installer done
      [deepScan] puppeteer: investigating source-downloader...
      [deepScan] puppeteer: source-downloader done
    better-sqlite3@12.11.1 — 1 indicator(s)
      ✓ binding.gyp — GYP build descriptor [native-build, gyp-conditions]
    puppeteer@25.2.1 — 3 indicator(s)
      ✓ bina

…(truncated — 92333 chars total, see artifact for full output)
…*(truncated — full output in artifact)*

📦 Download full scan artifacts (zip)

@github-actions

Copy link
Copy Markdown

✅ SUCCESS — indicator-suggestions deep scan

Command: node scripts/build-indicator-suggestions.js --add 9router --top 100 --deep

Full scan output (stdout + stderr)

📦 npm indicator-suggestions builder
   out:      /home/runner/work/npm-cli/npm-cli/indicator-suggestions.json
   packages: /home/runner/work/npm-cli/npm-cli/indicator-suggestions.packages.json (permanent store)
   resume:   /home/runner/work/npm-cli/npm-cli/indicator-suggestions.tmp.json  (deleted on success)
   deep:     /home/runner/work/npm-cli/npm-cli/indicator-suggestions.deep  (indicator files cached by name@version)
             with: /home/runner/work/npm-cli/npm-cli/lib/utils/indicator-scanner.js

Loading package data...
  (no existing data — fresh run, targeting 100 packages)

  query order: android, native, rust, react-native, cli, build, addon, npm, node, javascript, wasm
Steps 1–3/5: Scanning popular packages for lifecycle scripts...
  (target: 100 more packages with lifecycle scripts)
  (skipping 0 already-scanned names)
  (first run — recorded changes seq 116,682,363; next run will filter)

  + injected candidate: 9router
  + injected candidate: @swc/core
  ? probing alternate form: core
  + injected candidate: core  (alternate form of '@swc/core')
  + injected candidate: @parcel/watcher
  ? probing alternate form: watcher
  + injected candidate: watcher  (alternate form of '@parcel/watcher')
  + injected candidate: @sentry/cli
  ? probing alternate form: cli
  + injected candidate: cli  (alternate form of '@sentry/cli')
  + injected candidate: prisma
  + injected candidate: puppeteer
  + injected candidate: better-sqlite3
  + injected candidate: canvas
  + injected candidate: cypress
  + injected candidate: bcrypt
  + injected candidate: electron
  + injected candidate: lefthook
  + injected candidate: sqlite3
  + injected candidate: ffmpeg-static
  + injected candidate: node-sass
  + injected candidate: @tensorflow/tfjs-node
  ? probing alternate form: tfjs-node
  + injected candidate: tfjs-node  (alternate form of '@tensorflow/tfjs-node')
  + injected candidate: cross-env
  + injected candidate: cross-spawn
  + injected candidate: shelljs
  + injected candidate: gulp
  + injected candidate: gulp-cli
  + injected candidate: grunt
  + injected candidate: grunt-cli
  + injected candidate: jake
  + injected candidate: just-task
  + injected candidate: nps
  + injected candidate: wireit
  + injected candidate: taskr
  + injected candidate: nake
  + injected candidate: esbuild
  + injected candidate: rollup
  + injected candidate: vite
  + injected candidate: webpack
  + injected candidate: parcel
  + injected candidate: tsup
  + injected candidate: unbuild
  + injected candidate: brunch
  + injected candidate: broccoli
  + injected candidate: fuse-box
  + injected candidate: snowpack
  + injected candidate: nx
  + injected candidate: turborepo
  + injected candidate: lerna

Step 3.25/5: Processing 47 candidates...

  Candidates: fetching 47...
    [47/47] checked, 21 new, 0 version updates
    ✓ +21 of 47 candidates (21 in store, 44.7% hit rate)
    checkpoint saved — ready to refill

  query: keywords:android
    fetching offset=0...
    p1 offset=0 fetch=153ms | +250 new names, 0 seen-skips | 250 candidates, 21 in store
    saving checkpoint...
                       
    fetching offset=250...
    p2 offset=250 fetch=259ms | +250 new names, 0 seen-skips | 500 candidates, 21 in store
    saving checkpoint...
                       
  Candidates: fetching 500...
    [50/500] checked, 23 new, 0 version updates
    [100/500] checked, 48 new, 0 version updates
    [150/500] checked, 80 new, 0 version updates
    [200/500] checked, 106 new, 0 version updates
    [250/500] checked, 139 new, 0 version updates
    [300/500] checked, 178 new, 0 version updates
    [350/500] checked, 202 new, 0 version updates
    [400/500] checked, 229 new, 0 version updates
    [450/500] checked, 253 new, 0 version updates
    [500/500] checked, 280 new, 0 version updates
    [500/500] checked, 280 new, 0 version updates
    ✓ +280 of 500 candidates (301 in store, 56.0% hit rate)
    checkpoint saved — ready to refill
  checkpoint: 301 packages, 547 seen — saved

  ✓ search complete: 500 names examined this run (547 unique in seen-set)

Step 3.5/4: Expanding scoped packages with unscoped peers...
  checking 113 bare names...
  113 of 113 peers exist — added to candidates

  Candidates: fetching 113...
    [50/113] checked, 1 new, 0 version updates
    [100/113] checked, 6 new, 0 version updates
    [113/113] checked, 7 new, 0 version updates
    ✓ +7 of 113 candidates (308 in store, 6.2% hit rate)
    checkpoint saved — ready to refill
Step 4/5: Deep scanning packages via unpkg...
  ├─ pass 1 (initial full fetch): all 308 packages...

  DeepFetch (reverify): 308 packages (308 new)...
    scanning 9router@0.5.8...
    scanning @swc/core@1.15.43...
    scanning @parcel/watcher@2.5.6...
    scanning prisma@7.8.0...
    scanning @sentry/cli@3.5.1...
    scanning better-sqlite3@12.11.1...
    scanning puppeteer@25.2.1...
    scanning cypress@15.18.0...
    scanning canvas@3.2.3...
  ↩️  HTTP 302 → https://unpkg.com/@swc/core-android-arm64@1.3.11/package.json
  ↩️  HTTP 302 → https://unpkg.com/@swc/core-freebsd-x64@1.3.11/package.json
  ↩️  HTTP 302 → https://unpkg.com/@swc/core-android-arm-eabi@1.3.11/package.json
      + discovered @swc/core-win32-x64-msvc@1.15.43
      + discovered @swc/core-win32-ia32-msvc@1.15.43
      + discovered @swc/core-win32-arm64-msvc@1.15.43
      + discovered @swc/core-darwin-x64@1.15.43
      + discovered @swc/core-android-arm64@1.3.11
      + discovered @swc/core-linux-x64-musl@1.15.43
      + discovered @swc/core-linux-x64-gnu@1.15.43
      + discovered @swc/core-linux-arm64-musl@1.15.43
      + discovered @swc/core-freebsd-x64@1.3.11
      + discovered @swc/core-linux-arm-gnueabihf@1.15.43
      + discovered @swc/core-android-arm-eabi@1.3.11
      + discovered @swc/core-linux-ppc64-gnu@1.15.43
      + discovered @swc/core-linux-s390x-gnu@1.15.43
      + discovered @swc/core-darwin-arm64@1.15.43
      + discovered @swc/core-linux-arm64-gnu@1.15.43
    scanning bcrypt@6.0.0...
    scanning lefthook@2.1.9...
  ↩️  HTTP 302 → https://unpkg.com/puppeteer@25.2.1/package.json
    scanning sqlite3@6.0.1...
    scanning ffmpeg-static@5.3.0...
  ↩️  HTTP 302 → https://unpkg.com/lodash@4.18.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/commander@6.2.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/common-tags@1.8.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/log-symbols@4.1.0/package.json
    scanning node-sass@9.0.0...
  ↩️  HTTP 302 → https://unpkg.com/dayjs@1.11.21/package.json
  ↩️  HTTP 302 → https://unpkg.com/debug@4.4.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/chalk@4.1.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/bluebird@3.7.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/fs-extra@9.1.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/listr2@9.0.5/package.json
  ↩️  HTTP 302 → https://unpkg.com/@cypress/request@4.0.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/yauzl@3.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/request-progress@3.0.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/pretty-bytes@5.6.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/ospath@1.2.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/arch@2.2.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/@cypress/xvfb@1.2.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/ci-info@4.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/cachedir@2.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/supports-color@8.1.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/is-installed-globally@0.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/systeminformation@5.31.11/package.json
  ↩️  HTTP 302 → https://unpkg.com/untildify@4.0.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/executable@4.1.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/tmp@0.2.7/package.json
  ↩️  HTTP 302 → https://unpkg.com/cypress@15.18.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/minimist@1.2.8/package.json
      + discovered lodash@4.18.1
      + discovered commander@6.2.1
      + discovered common-tags@1.8.2
      + discovered log-symbols@4.1.0
      + discovered cli-table3@0.6.1
      + discovered dayjs@1.11.21
      + discovered debug@4.4.3
      + discovered bluebird@3.7.2
      + discovered chalk@4.1.2
      + discovered fs-extra@9.1.0
      + discovered proxy-from-env@1.0.0
      + discovered listr2@9.0.5
      + discovered @cypress/request@4.0.1
      + discovered yauzl@3.4.0
      + discovered request-progress@3.0.0
      + discovered hasha@5.2.2
      + discovered pretty-bytes@5.6.0
      + discovered execa@4.1.0
      + discovered arch@2.2.0
      + discovered ospath@1.2.2
      + discovered @cypress/xvfb@1.2.4
      + discovered ci-info@4.4.0
      + discovered cachedir@2.4.0
      + discovered supports-color@8.1.1
      + discovered tree-kill@1.2.2
      + discovered is-installed-globally@0.4.0
      + discovered untildify@4.0.0
      + discovered executable@4.1.1
      + discovered systeminformation@5.31.11
      + discovered tmp@0.2.7
      + discovered minimist@1.2.8
    scanning @tensorflow/tfjs-node@4.22.0...
    scanning wireit@0.14.13...
  ↩️  HTTP 302 → https://unpkg.com/progress@2.0.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/env-paths@2.2.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/https-proxy-agent@5.0.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/@derhuerst/http-basic@8.2.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/progress@2.0.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/https-proxy-agent@2.2.4/package.json
      + discovered progress@2.0.3
      + discovered env-paths@2.2.1
      + discovered https-proxy-agent@5.0.1
      + discovered @derhuerst/http-basic@8.2.4
  ↩️  HTTP 302 → https://unpkg.com/tar@6.2.1/package.json
    scanning esbuild@0.28.1...
  ↩️  HTTP 302 → https://unpkg.com/adm-zip@0.5.17/package.json
    scanning rollup@4.62.2...
  ↩️  HTTP 302 → https://unpkg.com/rimraf@2.7.1/package.json
      + discovered https-proxy-agent@2.2.4
      + discovered tar@6.2.1
      + discovered adm-zip@0.5.17
      + discovered rimraf@2.7.1
    scanning webpack@5.108.0...
    scanning unbuild@3.6.1...
    scanning nx@23.0.1...
  ↩️  HTTP 302 → https://unpkg.com/cross-spawn@7.0.6/package.json
  ↩️  HTTP 302 → https://unpkg.com/make-fetch-happen@10.2.1/package.json
      + discovered cross-spawn@7.0.6
      + discovered make-fetch-happen@10.2.1
    scanning react-native@0.86.0...
    scanning @react-navigation/elements@2.9.26...
    scanning react-native-svg@15.15.5...
    scanning @react-navigation/native@7.3.4...
    scanning @react-navigation/bottom-tabs@7.18.3...
    scanning @react-navigation/native-stack@7.17.6...
  ↩️  HTTP 301 → https://unpkg.com/nx@23.0.1/dist/bin/post-install.js
    scanning logkitty@0.7.1...
    scanning react-native-keyboard-controller@1.21.12...
    scanning appium-chromedriver@8.4.11...
    scanning react-native-drawer-layout@4.2.5...
    scanning @react-native-firebase/app@25.1.0...
    scanning react-native-device-info@15.0.2...
    scanning @react-navigation/stack@7.10.6...
    scanning react-native-reanimated-carousel@4.0.3...
  ↩️  HTTP 301 → https://unpkg.com/nx@23.0.1/dist/src/native/index.js
    scanning react-native-pager-view@8.0.2...
    scanning appium@3.5.2...
    scanning appium-android-driver@13.2.4...
    scanning @react-native-google-signin/google-signin@16.1.2...
    scanning appium-uiautomator2-driver@7.6.2...
  ↩️  HTTP 301 → https://unpkg.com/nx@23.0.1/dist/src/project-graph/plugins/index.js
    scanning io.appium.settings@7.1.4...
    scanning @react-navigation/drawer@7.12.3...
    scanning react-native-share@12.3.1...
  ↩️  HTTP 301 → https://unpkg.com/nx@23.0.1/dist/src/executors/run-commands/run-commands.impl.js
    scanning react-native-tab-view@4.3.1...
    scanning @react-native-menu/menu@2.0.0...
    scanning moti@0.30.0...
  ↩️  HTTP 302 → https://unpkg.com/nx@23.0.1/package.json
    scanning react-native-keychain@10.0.0...
  ↩️  HTTP 302 → https://unpkg.com/packages@0.0.8/package.json
  ↩️  HTTP 302 → https://unpkg.com/@angular/build@22.0.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/ts-node@10.9.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/@swc-node/register@1.11.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/@angular-devkit/build-angular@22.0.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/typescript@6.0.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/target@0.0.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/@nx/key@5.0.8/package.json
  ↩️  HTTP 302 → https://unpkg.com/@nx/devkit@23.0.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/@nx/powerpack-license@5.0.8/package.json
      + discovered tslib@2.8.1
      + discovered picocolors@1.1.1
      + discovered jsonc-parser@3.3.1
      + discovered lines-and-columns@2.0.3
      + discovered @zkochan/js-yaml@0.0.7
      + discovered dotenv@16.4.7
      + discovered axios@1.16.0
      + discovered ora@5.4.1
      + discovered cli-spinners@2.6.1
      + discovered cli-cursor@3.1.0
      + discovered figures@3.2.0
      + discovered tar-stream@2.2.0
      + discovered @napi-rs/wasm-runtime@0.2.4
      + discovered @nx/nx-win32-x64-msvc@23.0.1
      + discovered @nx/nx-darwin-x64@23.0.1
      + discovered @nx/nx-darwin-arm64@23.0.1
      + discovered @nx/nx-freebsd-x64@23.0.1
      + discovered @nx/nx-linux-x64-musl@23.0.1
      + discovered @nx/nx-linux-arm64-gnu@23.0.1
      + discovered @nx/nx-linux-x64-gnu@23.0.1
      + discovered @nx/nx-win32-arm64-msvc@23.0.1
      + discovered @nx/nx-linux-arm-gnueabihf@23.0.1
      + discovered @nx/nx-linux-arm64-musl@23.0.1
      + discovered minimatch@10.2.5
      + discovered dotenv-expand@12.0.3
      + discovered flat@5.0.2
      + discovered resolve.exports@2.0.3
      + discovered string-width@4.2.3
      + discovered cliui@8.0.1
      + discovered packages@0.0.8
      + discovered @angular/build@22.0.4
      + discovered tsconfig-paths@4.2.0
      + discovered ts-node@10.9.2
      + discovered @swc-node/register@1.11.1
      + discovered @angular-devkit/build-angular@22.0.4
      + discovered ignore@7.0.5
      + discovered semver@7.7.4
      + discovered yaml@2.9.0
      + discovered typescript@6.0.3
      + discovered enquirer@2.3.6
      + discovered npm-run-path@4.0.1
      + discovered target@0.0.2
      + discovered yargs-parser@21.1.1
      + discovered @nx/key@5.0.8
      + discovered @nx/devkit@23.0.1
      + discovered @nx/powerpack-license@5.0.8
    scanning react-native-haptic-feedback@3.0.0...
    scanning sonner-native@0.26.3...
    scanning react-native-paper@5.15.3...
    scanning @stripe/stripe-react-native@0.67.0...
    scanning @datadog/mobile-react-native@3.5.2...
    scanning @teovilla/react-native-web-maps@0.9.5...
    scanning @react-navigation/material-top-tabs@7.6.3...
    [50] processed
    scanning react-native-quick-base64@3.0.0...
    scanning @futurejj/react-native-checkbox@1.0.7...
    scanning @notifee/react-native@9.1.8...
  ↩️  HTTP 302 → https://unpkg.com/react@19.2.7/package.json
    scanning react-native-graph@1.2.0...
      + discovered react@19.2.7
    scanning react-native-tree-multi-select@2.0.21...
    scanning @segment/analytics-react-native@2.23.0...
    scanning @react-native-community/blur@4.4.1...
    scanning react-native-quick-crypto@1.1.5...
    scanning react-native-fbsdk-next@13.4.3...
      + discovered axios@1.18.0
      + discovered argparse@2.0.1
      + discovered ajv@8.20.0
      + discovered teen_process@4.1.3
      + discovered asyncbox@6.3.0
      + discovered ajv-formats@3.0.1
      + discovered semver@7.8.4
      + discovered @appium/support@7.2.5
      + discovered @appium/schema@1.2.1
    scanning react-native-converted-in-sdk@1.1.0...
    scanning react-native-ble-plx@3.5.1...
    scanning react-native-restart@0.0.28...
    scanning @intercom/intercom-react-native@10.3.3...
    scanning @datadog/mobile-react-navigation@3.5.2...
    scanning @rnmapbox/maps@10.3.1...
    scanning react-native-worklets-core@1.6.3...
    scanning react-native-confetti-cannon@1.5.2...
    scanning react-native-unistyles@3.2.5...
    scanning react-native-webrtc@124.0.7...
    scanning react-native-compressor@2.0.2...
    scanning react-native-google-places-autocomplete@2.6.4...
    scanning phosphor-react-native@3.0.6...
    scanning react-native-release-profiler@0.4.4...
    scanning @react-native-aria/utils@0.2.12...
    scanning react-native-youtube-iframe@2.4.1...
    scanning rive-react-native@9.8.3...
    scanning zeego@3.0.6...
    scanning react-native-svg-charts@5.4.0...
    scanning react-native-auth0@5.7.0...
    scanning @react-native-aria/focus@0.2.9...
    scanning react-native-ratings@8.1.0...
    scanning @react-native-aria/interactions@0.2.16...
    scanning react-native-step-indicator@1.0.3...
    scanning @lodev09/react-native-true-sheet@3.11.1...
    scanning react-native-css@3.0.7...
    scanning agent-device@0.17.10...
    scanning @op-engineering/op-sqlite@17.0.0...
    scanning @react-native-aria/overlays@0.3.15...
    scanning @datadog/mobile-react-native-session-replay@3.5.2...
    scanning @react-native-aria/toggle@0.2.11...
    scanning @livekit/react-native-webrtc@144.1.1...
    scanning react-native-enriched-markdown@0.6.0...
    scanning @livekit/react-native@2.11.1...
    scanning @react-native-aria/checkbox@0.2.10...
    scanning react-native-mask-input@1.2.3...
    scanning react-native-popover-view@6.1.0...
  ↩️  HTTP 302 → https://unpkg.com/react-native@0.86.0/package.json
    scanning react-native-passkey@3.5.0...
    scanning @bam.tech/react-native-image-resizer@3.0.11...
    scanning @backpackapp-io/react-native-toast@0.15.1...
    [100] processed
    scanning @react-native-aria/slider@0.2.12...
    scanning @react-native-aria/radio@0.2.13...
    scanning react-native-image-colors@2.6.0...
    scanning @expensify/react-native-wallet@0.1.22...
    scanning react-native-ui-datepicker@3.3.0...
    scanning @gluestack-ui/overlay@0.1.22...
    scanning @blazejkustra/react-native-alert@1.0.0...
    scanning react-native-health-connect@3.5.3...
    scanning react-native-macos@0.81.7...
    scanning customerio-reactnative@6.5.2...
    scanning react-native-gzip@1.1.0...
    scanning react-native-hyperlink@0.1.2...
    scanning @metamask/react-native-acm@1.2.0...
    scanning react-native-ble-manager@12.5.0...
    scanning react-native-collapsible-tab-view@8.0.1...
    scanning reanimated-color-picker@5.1.1...
    scanning @quidone/react-native-wheel-picker@1.7.0...
    scanning @gluestack-ui/switch@0.1.29...
    scanning @gluestack-ui/transitions@0.1.11...
  ↩️  HTTP 302 → https://unpkg.com/customerio-expo-plugin@3.6.2/package.json
    scanning @gluestack-ui/button@1.0.14...
    scanning @gluestack-ui/hooks@0.1.13...
    scanning @gluestack-ui/checkbox@0.1.39...
    scanning @gluestack-ui/form-control@0.1.19...
    scanning @gluestack-ui/avatar@0.1.18...
    scanning @gluestack-ui/toast@1.0.9...
    scanning react-native-tracking-transparency@0.1.2...
    scanning @gluestack-ui/provider@0.1.19...
    scanning @gluestack-ui/radio@0.1.40...
    scanning @google-cloud/recaptcha-enterprise-react-native@18.9.1...
    scanning @gluestack-ui/textarea@0.1.25...
    scanning @gluestack-ui/input@0.1.38...
    scanning @maplibre/maplibre-react-native@11.3.6...
    scanning react-native-toast-notifications@3.4.0...
    scanning react-native-modalize@2.1.1...
    scanning heroui-native@1.0.4...
    scanning react-native-android-location-enabler@3.0.1...
    scanning @gluestack-ui/icon@0.1.27...
    scanning @gluestack-ui/modal@0.1.41...
    scanning @gluestack-ui/progress@0.1.18...
    scanning @gluestack-ui/alert-dialog@0.1.38...
    scanning react-native-ssl-public-key-pinning@1.2.6...
    scanning @stripe/stripe-terminal-react-native@0.0.1-beta.31...
    scanning react-native-teleport@1.1.9...
    scanning react-native-zoom-reanimated@1.5.4...
    scanning @gluestack-ui/menu@0.2.43...
    scanning @react-native-aria/dialog@0.0.5...
    scanning @gluestack-ui/spinner@0.1.15...
    scanning @gluestack-ui/image@0.1.17...
    scanning @gluestack-style/react@1.0.57...
    scanning react-native-awesome-gallery@0.4.3...
    [150] processed
    scanning @expensify/react-native-live-markdown@0.1.327...
    scanning @ua/react-native-airship@26.6.0...
    scanning @hcaptcha/react-native-hcaptcha@4.0.0...
    scanning @react-native-aria/menu@0.2.15...
    scanning react-native-encrypted-storage@4.0.3...
    scanning @gluestack-ui/slider@0.1.32...
    scanning react-native-file-access@4.0.3...
    scanning @gluestack-ui/divider@0.1.10...
    scanning @sumsub/react-native-mobilesdk-module@1.44.1...
    scanning react-native-reanimated-table@0.0.2...
    scanning @gluestack-ui/fab@0.1.28...
    scanning react-native-network-logger@3.0.0...
    scanning @gluestack-ui/actionsheet@0.2.53...
    scanning react-native-paper-dates@0.23.9...
    scanning @gluestack-ui/tooltip@0.1.44...
    scanning @fortawesome/react-native-fontawesome@1.0.0...
    scanning @microsoft/react-native-clarity@4.6.3...
    scanning @gluestack-ui/alert@0.1.16...
    scanning react-native-agora@4.6.2...
    scanning @gluestack-ui/pressable@0.1.23...
    scanning @gluestack-ui/accordion@1.0.14...
    scanning react-native-volume-manager@2.0.8...
    scanning @gluestack-ui/select@0.1.31...
    scanning rn-emoji-keyboard@1.7.0...
    scanning @gluestack-ui/popover@0.1.49...
    scanning @amplitude/experiment-react-native-client@1.8.0...
    scanning @dr.pogodin/react-native-fs@2.39.1...
    scanning react-native-shake@6.9.5...
    scanning @gluestack-ui/link@0.1.29...
    scanning @preeternal/react-native-cookie-manager@6.3.3...
    scanning @react-native-aria/accordion@0.0.2...
    scanning react-native-currency-input@1.1.1...
    scanning @react-native-aria/button@0.2.10...
    scanning @gluestack-ui/themed@1.1.73...
    scanning @react-native-aria/listbox@0.2.9...
    scanning react-native-shadow-2@7.1.2...
    scanning customerio-expo-plugin@3.6.2...
    scanning react-native-track-player@4.1.2...
    scanning react-native-html-to-pdf@1.3.0...
    scanning appium-espresso-driver@9.0.0...
    scanning react-native-uitextview@2.2.0...
    scanning react-native-tvos@0.86.0-1...
    scanning pressto@0.7.0...
    scanning cordova-android@15.0.0...
    scanning @10play/tentap-editor@1.0.1...
    scanning @react-native-aria/combobox@0.2.7...
    scanning react-native-capture-protection@2.4.1...
    scanning react-native-screenshot-aware@2.0.0...
    scanning sp-react-native-in-app-updates@1.5.0...
  ↩️  HTTP 302 → https://unpkg.com/resolve-from@5.0.0/package.json
    scanning @iterable/react-native-sdk@3.0.1...
    scanning @gluestack-ui/nativewind-utils@1.0.28...
      + discovered resolve-from@5.0.0
    [200] processed
    scanning @react-native-aria/tabs@0.2.13...
    scanning @rive-app/react-native@0.4.11...
    scanning @gluestack-ui/config@1.1.20...
    scanning react-native-fast-confetti@2.0.1...
    scanning react-native-simple-toast@3.3.2...
    scanning react-native-otp-verify@1.2.0...
    scanning @lodev09/react-native-exify@1.0.3...
    scanning @sbaiahmed1/react-native-blur@4.6.4-beta.1...
    scanning react-native-turbo-image@1.24.2...
    scanning react-native-portalize@1.0.7...
    scanning @unleash/proxy@1.4.19...
    scanning react-native-drax@1.1.0...
    scanning rn-pendo-sdk@3.13.2...
    scanning react-native-fast-shimmer@1.3.5...
    scanning react-native-nitro-fetch@1.4.2...
    scanning react-native-a11y-order@1.0.0...
    scanning react-native-circular-progress-indicator@4.4.2...
    scanning @datadog/mobile-react-native-webview@3.5.2...
    scanning react-native-google-cast@4.9.1...
    scanning react-native-android-widget@0.20.3...
    scanning react-native-qrcode-skia@0.4.0...
    scanning react-native-pulsar@1.6.1...
    scanning react-native-emoji-popup@0.3.3...
    scanning reanimated-tab-view@0.5.0...
    scanning @futurejj/react-native-visibility-sensor@1.4.16...
    scanning @wuba/react-native-echarts@3.0.1...
    scanning react-native-phone-input@1.4.1...
    scanning react-native-advanced-input-mask@1.4.6...
    scanning @react-native-community/image-editor@4.3.0...
    scanning react-native-wallet-manager@2.1.0...
    scanning @animatereactnative/marquee@0.5.2...
    scanning @journeyapps/react-native-quick-sqlite@2.5.2...
    scanning react-native-navigation-mode@1.2.9...
    scanning react-native-nitro-cookies@1.2.0...
    scanning expo-native-sheet-emojis@2.1.0...
    scanning react-native-reorderable-list@0.18.0...
    scanning react-native-ease@0.7.3...
    scanning @codeherence/react-native-header@1.0.1...
    scanning react-camera-pro@1.4.0...
    scanning expo-native-emojis-popup@1.1.2...
    scanning @dynatrace/react-native-plugin@2.339.1...
    scanning @pusher/pusher-websocket-react-native@1.3.5...
    scanning react-native-test-app@5.4.0...
    scanning @twilio/voice-react-native-sdk@1.7.0...
    scanning react-native-nitro-sound@0.2.15...
    scanning react-native-localization-settings@1.2.0...
    scanning @google/react-native-make-payment@0.3.0...
    scanning pwa-asset-generator@8.1.5...
    scanning cordova.plugins.diagnostic@7.3.1...
    [250] processed
    scanning react-native-apollo-devtools-client@1.0.4...
    scanning @amplitude/react-native@2.17.3...
    scanning react-native-snackbar@3.0.1...
    scanning react-native-star-rating-widget@1.11.0...
    scanning react-native-zendesk-messaging@0.3.2...
    scanning @capacitor-community/camera-preview@8.0.1...
    scanning react-native-drop-shadow@1.0.3...
    scanning @daily-co/react-native-webrtc@124.0.6-daily.2...
    scanning llama.rn@0.12.5...
    scanning frida@17.15.3...
    scanning react-native-restart-newarch@1.0.85...
    scanning react-native-fast-tflite@3.0.1...
    scanning react-native-notifier@2.0.0...
    scanning react-native-system-navigation-bar@2.8.0...
    scanning @socure-inc/docv-react-native@5.2.7...
    scanning @getcello/cello-react-native@0.13.0...
    scanning react-native-fast-shadow@0.1.1...
    scanning screenkitten@1.0.0...
    scanning logkitten@1.3.3...
    scanning @stripe/stripe-identity-react-native@0.9.0...
    scanning react-native-animateable-text@0.19.2...
    scanning react-swipeable-list@1.10.0...
    scanning react-native-turbo-mock-location-detector@2.3.1...
    scanning react-native-outside-press@1.2.2...
    scanning @appcues/react-native@5.0.6...
    scanning llama-cpp-capacitor@0.1.5...
    scanning terra-react@1.9.6...
    scanning fcm-node@1.6.1...
    scanning capacitor-set-version@2.2.0...
    scanning react-native-external-keyboard@1.0.1...
    scanning @didit-protocol/sdk-react-native@4.0.6...
    scanning @sbaiahmed1/react-native-biometrics@0.15.0...
    scanning klaviyo-react-native-sdk@2.4.1...
    scanning videokitten@1.0.1...
    scanning @stream-io/react-native-webrtc@145.0.0...
    scanning @mixpanel/react-native-session-replay@1.3.0...
    scanning react-native-streamdown@0.2.0...
    scanning react-native-animated-pagination-dots@0.1.73...
    scanning react-native-type-animation@0.4.4...
    scanning react-native-fast-squircle@1.1.5...
    scanning @expo/material-symbols@0.1.1...
    scanning react-native-pdf-thumbnail@1.3.1...
    scanning react-native-screenguard@2.0.2...
    scanning react-native-google-places-textinput@0.9.2...
    scanning aerosync-react-native-sdk@3.0.3...
    scanning @granite-js/image@1.0.33...
    scanning rn-swiper-list@3.0.0...
    scanning react-native-use-keyboard-height@0.1.2...
    scanning analytics-react-native@1.2.0...
    scanning modal@0.8.1...
    scanning react-native-airship@0.3.0...
    [300] processed
    scanning fab@1.0.0-rc.9...
    scanning react-native-clarity@4.6.3...
    scanning react-native-quick-sqlite@8.2.7...
    scanning voice-react-native-sdk@2.0.0-preview.fork.8...
    ✓ 308 packages processed, 113 new candidates queued
    checkpoint saved

  ├─ draining 113 discovered packages...

  Candidates: fetching 113...
    [50/113] checked, 2 new, 0 version updates
    [100/113] checked, 8 new, 0 version updates
  ↑ axios: 1.16.0 → 1.18.0
    [113/113] checked, 10 new, 1 version updates
    ✓ +10 of 113 candidates (319 in store, 8.8% hit rate)
    checkpoint saved — ready to refill
  ├─ pass 2 (discovered only): none queued yet...

  DeepFetch (discovery): 319 packages (319 cache invalidated — re-fetching)...
    scanning 9router@0.5.8...
    scanning @swc/core@1.15.43...
    scanning @parcel/watcher@2.5.6...
  ↩️  HTTP 302 → https://unpkg.com/@swc/core-android-arm-eabi@1.3.11/package.json
  ↩️  HTTP 302 → https://unpkg.com/@swc/core-android-arm64@1.3.11/package.json
  ↩️  HTTP 302 → https://unpkg.com/@swc/core-freebsd-x64@1.3.11/package.json
    scanning prisma@7.8.0...
    scanning @sentry/cli@3.5.1...
    scanning better-sqlite3@12.11.1...
    scanning puppeteer@25.2.1...
    scanning cypress@15.18.0...
  ↩️  HTTP 302 → https://unpkg.com/lodash@4.18.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/commander@6.2.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/common-tags@1.8.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/log-symbols@4.1.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/puppeteer@25.2.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/debug@4.4.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/fs-extra@9.1.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/dayjs@1.11.21/package.json
    scanning canvas@3.2.3...
    scanning bcrypt@6.0.0...
  ↩️  HTTP 302 → https://unpkg.com/chalk@4.1.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/bluebird@3.7.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/listr2@9.0.5/package.json
  ↩️  HTTP 302 → https://unpkg.com/request-progress@3.0.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/@cypress/request@4.0.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/yauzl@3.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/@cypress/xvfb@1.2.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/pretty-bytes@5.6.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/arch@2.2.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/ospath@1.2.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/ci-info@4.4.0/package.json
    scanning lefthook@2.1.9...
  ↩️  HTTP 302 → https://unpkg.com/cachedir@2.4.0/package.json
    scanning sqlite3@6.0.1...
    scanning ffmpeg-static@5.3.0...
  ↩️  HTTP 302 → https://unpkg.com/systeminformation@5.31.11/package.json
  ↩️  HTTP 302 → https://unpkg.com/is-installed-globally@0.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/executable@4.1.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/supports-color@8.1.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/untildify@4.0.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/minimist@1.2.8/package.json
  ↩️  HTTP 302 → https://unpkg.com/cypress@15.18.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/env-paths@2.2.1/package.json
    scanning node-sass@9.0.0...
  ↩️  HTTP 302 → https://unpkg.com/@derhuerst/http-basic@8.2.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/progress@2.0.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/tmp@0.2.7/package.json
    scanning @tensorflow/tfjs-node@4.22.0...
  ↩️  HTTP 302 → https://unpkg.com/https-proxy-agent@5.0.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/cross-spawn@7.0.6/package.json
  ↩️  HTTP 302 → https://unpkg.com/https-proxy-agent@2.2.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/make-fetch-happen@10.2.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/progress@2.0.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/adm-zip@0.5.17/package.json
  ↩️  HTTP 302 → https://unpkg.com/rimraf@2.7.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/tar@6.2.1/package.json
    scanning wireit@0.14.13...
    scanning esbuild@0.28.1...
    scanning rollup@4.62.2...
    scanning webpack@5.108.0...
    scanning unbuild@3.6.1...
    scanning nx@23.0.1...
    scanning react-native@0.86.0...
    scanning @react-navigation/elements@2.9.26...
    scanning react-native-svg@15.15.5...
  ↩️  HTTP 302 → https://unpkg.com/nx@23.0.1/package.json
    scanning @react-navigation/native@7.3.4...
    scanning @react-navigation/bottom-tabs@7.18.3...
    scanning @react-navigation/native-stack@7.17.6...
    scanning logkitty@0.7.1...
  ↩️  HTTP 302 → https://unpkg.com/packages@0.0.8/package.json
    scanning react-native-keyboard-controller@1.21.12...
    scanning appium-chromedriver@8.4.11...
  ↩️  HTTP 302 → https://unpkg.com/@angular/build@22.0.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/@swc-node/register@1.11.1/package.json
    scanning react-native-drawer-layout@4.2.5...
  ↩️  HTTP 302 → https://unpkg.com/@angular-devkit/build-angular@22.0.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/ts-node@10.9.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/typescript@6.0.3/package.json
    scanning @react-native-firebase/app@25.1.0...
  ↩️  HTTP 302 → https://unpkg.com/target@0.0.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/@nx/key@5.0.8/package.json
  ↩️  HTTP 302 → https://unpkg.com/@nx/powerpack-license@5.0.8/package.json
    scanning react-native-device-info@15.0.2...
  ↩️  HTTP 302 → https://unpkg.com/@nx/devkit@23.0.1/package.json
    scanning @react-navigation/stack@7.10.6...
    scanning react-native-reanimated-carousel@4.0.3...
    scanning react-native-pager-view@8.0.2...
    scanning appium@3.5.2...
    scanning appium-android-driver@13.2.4...
    scanning @react-native-google-signin/google-signin@16.1.2...
    scanning appium-uiautomator2-driver@7.6.2...
    scanning io.appium.settings@7.1.4...
    scanning @react-navigation/drawer@7.12.3...
    scanning react-native-share@12.3.1...
    scanning react-native-tab-view@4.3.1...
    scanning @react-native-menu/menu@2.0.0...
    scanning moti@0.30.0...
    scanning react-native-keychain@10.0.0...
    scanning react-native-haptic-feedback@3.0.0...
    scanning sonner-native@0.26.3...
    scanning react-native-paper@5.15.3...
    [50] processed
    scanning @stripe/stripe-react-native@0.67.0...
    scanning @datadog/mobile-react-native@3.5.2...
    scanning @teovilla/react-native-web-maps@0.9.5...
    scanning @react-navigation/material-top-tabs@7.6.3...
    scanning react-native-quick-base64@3.0.0...
    scanning @futurejj/react-native-checkbox@1.0.7...
  ↩️  HTTP 302 → https://unpkg.com/react@19.2.7/package.json
    scanning @notifee/react-native@9.1.8...
    scanning react-native-graph@1.2.0...
    scanning react-native-tree-multi-select@2.0.21...
    scanning @segment/analytics-react-native@2.23.0...
    scanning @react-native-community/blur@4.4.1...
    scanning react-native-quick-crypto@1.1.5...
    scanning react-native-fbsdk-next@13.4.3...
    scanning react-native-converted-in-sdk@1.1.0...
    scanning react-native-ble-plx@3.5.1...
    scanning react-native-restart@0.0.28...
    scanning @intercom/intercom-react-native@10.3.3...
    scanning @datadog/mobile-react-navigation@3.5.2...
    scanning @rnmapbox/maps@10.3.1...
    scanning react-native-worklets-core@1.6.3...
    scanning react-native-confetti-cannon@1.5.2...
    scanning react-native-unistyles@3.2.5...
    scanning react-native-webrtc@124.0.7...
    scanning react-native-compressor@2.0.2...
    scanning react-native-google-places-autocomplete@2.6.4...
    scanning phosphor-react-native@3.0.6...
    scanning react-native-release-profiler@0.4.4...
    scanning @react-native-aria/utils@0.2.12...
    scanning react-native-youtube-iframe@2.4.1...
    scanning rive-react-native@9.8.3...
    scanning zeego@3.0.6...
    scanning react-native-svg-charts@5.4.0...
    scanning react-native-auth0@5.7.0...
    scanning @react-native-aria/focus@0.2.9...
    scanning react-native-ratings@8.1.0...
    scanning @react-native-aria/interactions@0.2.16...
    scanning react-native-step-indicator@1.0.3...
    scanning @lodev09/react-native-true-sheet@3.11.1...
    scanning react-native-css@3.0.7...
    scanning agent-device@0.17.10...
    scanning @op-engineering/op-sqlite@17.0.0...
    scanning @react-native-aria/overlays@0.3.15...
    scanning @datadog/mobile-react-native-session-replay@3.5.2...
    scanning @react-native-aria/toggle@0.2.11...
    scanning @livekit/react-native-webrtc@144.1.1...
    scanning react-native-enriched-markdown@0.6.0...
    scanning @livekit/react-native@2.11.1...
    scanning @react-native-aria/checkbox@0.2.10...
    scanning react-native-mask-input@1.2.3...
  ↩️  HTTP 302 → https://unpkg.com/react-native@0.86.0/package.json
    scanning react-native-popover-view@6.1.0...
    [100] processed
    scanning react-native-passkey@3.5.0...
    scanning @bam.tech/react-native-image-resizer@3.0.11...
    scanning @backpackapp-io/react-native-toast@0.15.1...
    scanning @react-native-aria/slider@0.2.12...
    scanning @react-native-aria/radio@0.2.13...
    scanning react-native-image-colors@2.6.0...
    scanning @expensify/react-native-wallet@0.1.22...
    scanning react-native-ui-datepicker@3.3.0...
    scanning @gluestack-ui/overlay@0.1.22...
    scanning @blazejkustra/react-native-alert@1.0.0...
    scanning react-native-health-connect@3.5.3...
    scanning react-native-macos@0.81.7...
    scanning customerio-reactnative@6.5.2...
  ↩️  HTTP 302 → https://unpkg.com/customerio-expo-plugin@3.6.2/package.json
    scanning react-native-gzip@1.1.0...
    scanning react-native-hyperlink@0.1.2...
    scanning @metamask/react-native-acm@1.2.0...
    scanning react-native-ble-manager@12.5.0...
    scanning react-native-collapsible-tab-view@8.0.1...
    scanning reanimated-color-picker@5.1.1...
    scanning @quidone/react-native-wheel-picker@1.7.0...
    scanning @gluestack-ui/switch@0.1.29...
    scanning @gluestack-ui/transitions@0.1.11...
    scanning @gluestack-ui/button@1.0.14...
    scanning @gluestack-ui/hooks@0.1.13...
    scanning @gluestack-ui/checkbox@0.1.39...
    scanning @gluestack-ui/form-control@0.1.19...
    scanning @gluestack-ui/avatar@0.1.18...
    scanning @gluestack-ui/toast@1.0.9...
    scanning react-native-tracking-transparency@0.1.2...
    scanning @gluestack-ui/provider@0.1.19...
    scanning @gluestack-ui/radio@0.1.40...
    scanning @google-cloud/recaptcha-enterprise-react-native@18.9.1...
    scanning @gluestack-ui/textarea@0.1.25...
    scanning @gluestack-ui/input@0.1.38...
    scanning @maplibre/maplibre-react-native@11.3.6...
    scanning react-native-toast-notifications@3.4.0...
    scanning react-native-modalize@2.1.1...
    scanning heroui-native@1.0.4...
    scanning react-native-android-location-enabler@3.0.1...
    scanning @gluestack-ui/icon@0.1.27...
    scanning @gluestack-ui/modal@0.1.41...
    scanning @gluestack-ui/progress@0.1.18...
    scanning @gluestack-ui/alert-dialog@0.1.38...
    scanning react-native-ssl-public-key-pinning@1.2.6...
    scanning @stripe/stripe-terminal-react-native@0.0.1-beta.31...
    scanning react-native-teleport@1.1.9...
    scanning react-native-zoom-reanimated@1.5.4...
    scanning @gluestack-ui/menu@0.2.43...
    scanning @react-native-aria/dialog@0.0.5...
    scanning @gluestack-ui/spinner@0.1.15...
    [150] processed
    scanning @gluestack-ui/image@0.1.17...
    scanning @gluestack-style/react@1.0.57...
    scanning react-native-awesome-gallery@0.4.3...
    scanning @expensify/react-native-live-markdown@0.1.327...
    scanning @ua/react-native-airship@26.6.0...
    scanning @hcaptcha/react-native-hcaptcha@4.0.0...
    scanning @react-native-aria/menu@0.2.15...
    scanning react-native-encrypted-storage@4.0.3...
    scanning @gluestack-ui/slider@0.1.32...
    scanning react-native-file-access@4.0.3...
    scanning @gluestack-ui/divider@0.1.10...
    scanning @sumsub/react-native-mobilesdk-module@1.44.1...
    scanning react-native-reanimated-table@0.0.2...
    scanning @gluestack-ui/fab@0.1.28...
    scanning react-native-network-logger@3.0.0...
    scanning @gluestack-ui/actionsheet@0.2.53...
    scanning react-native-paper-dates@0.23.9...
    scanning @gluestack-ui/tooltip@0.1.44...
    scanning @fortawesome/react-native-fontawesome@1.0.0...


…(truncated — 270364 chars total, see artifact for full output)
…*(truncated — full output in artifact)*

📦 Download full scan artifacts (zip)

vbjay and others added 2 commits June 25, 2026 22:40
…ckpoint...' remained

'    saving checkpoint...' is 24 chars; the erase write had 23 spaces,
leaving the trailing '.' visible on its own line before the candidates
drain header.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…kage-lock.json

CI's npm install removes node_modules/git-raw-commits/node_modules/
conventional-commits-filter (a dev/optional/peer dep that doesn't need
deduplication on the CI runner), leaving the lockfile dirty and failing
the git-dirty check.

Normalized with: npm install --ignore-scripts

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@github-actions

Copy link
Copy Markdown

✅ PASS — approve-scripts smoke report

All packages with lifecycle scripts are correctly identified as pending approval.

Package Type Status Top risks
@mongodb-js/zstd@7.0.0 direct ⏳ pending lifecycle script compiles a native binary (.node addon), GYP build has platform-specific conditions - review each branch
@playwright/browser-chromium@1.60.0 direct ⏳ pending downloads a prebuilt binary at install time (supply-chain risk - verify source and integrity)
@playwright/browser-firefox@1.60.0 direct ⏳ pending downloads a prebuilt binary at install time (supply-chain risk - verify source and integrity)
@playwright/browser-webkit@1.60.0 direct ⏳ pending downloads a prebuilt binary at install time (supply-chain risk - verify source and integrity)
better-sqlite3@12.11.1 transitive ⏳ pending lifecycle script compiles a native binary (.node addon), GYP build has platform-specific conditions - review each branch
esbuild@0.28.1 transitive ⏳ pending uses child_process (can spawn external commands), makes network requests, contains dense hex-escape sequences (obfuscation indicator)
kerberos@7.0.0 direct ⏳ pending lifecycle script compiles a native binary (.node addon), GYP build has platform-specific conditions - review each branch
nx@22.7.5 transitive ⏳ pending may write outside the package directory, uses child_process (can spawn external commands), runs npm/yarn/pnpm install as a child process at install time (second-stage install — may pull arbitrary packages with scripts enabled)
puppeteer@24.36.1 direct ⏳ pending downloads a prebuilt binary at install time (supply-chain risk - verify source and integrity), runs npm/yarn/pnpm install as a child process at install time (second-stage install — may pull arbitrary packages with scripts enabled)
sqlite3@6.0.1 direct ⏳ pending lifecycle script compiles a native binary (.node addon), GYP build has platform-specific conditions - review each branch
unrs-resolver@1.12.2 transitive ⏳ pending downloads a prebuilt binary at install time (supply-chain risk - verify source and integrity)
📦 Download full reports (zip)
@github-actions

Copy link
Copy Markdown

✅ SUCCESS — indicator-suggestions deep scan

Command: node scripts/build-indicator-suggestions.js --add 9router --top 100 --deep

Full scan output (stdout + stderr)

📦 npm indicator-suggestions builder
   out:      /home/runner/work/npm-cli/npm-cli/indicator-suggestions.json
   packages: /home/runner/work/npm-cli/npm-cli/indicator-suggestions.packages.json (permanent store)
   resume:   /home/runner/work/npm-cli/npm-cli/indicator-suggestions.tmp.json  (deleted on success)
   deep:     /home/runner/work/npm-cli/npm-cli/indicator-suggestions.deep  (indicator files cached by name@version)
             with: /home/runner/work/npm-cli/npm-cli/lib/utils/indicator-scanner.js

Loading package data...
  (no existing data — fresh run, targeting 100 packages)

  query order: rust, addon, native, cli, npm, build, wasm, android, react-native, node, javascript
Steps 1–3/5: Scanning popular packages for lifecycle scripts...
  (target: 100 more packages with lifecycle scripts)
  (skipping 0 already-scanned names)
  (first run — recorded changes seq 116,684,968; next run will filter)

  + injected candidate: 9router
  + injected candidate: @swc/core
  ? probing alternate form: core
  + injected candidate: core  (alternate form of '@swc/core')
  + injected candidate: @parcel/watcher
  ? probing alternate form: watcher
  + injected candidate: watcher  (alternate form of '@parcel/watcher')
  + injected candidate: @sentry/cli
  ? probing alternate form: cli
  + injected candidate: cli  (alternate form of '@sentry/cli')
  + injected candidate: prisma
  + injected candidate: puppeteer
  + injected candidate: better-sqlite3
  + injected candidate: canvas
  + injected candidate: cypress
  + injected candidate: bcrypt
  + injected candidate: electron
  + injected candidate: lefthook
  + injected candidate: sqlite3
  + injected candidate: ffmpeg-static
  + injected candidate: node-sass
  + injected candidate: @tensorflow/tfjs-node
  ? probing alternate form: tfjs-node
  + injected candidate: tfjs-node  (alternate form of '@tensorflow/tfjs-node')
  + injected candidate: cross-env
  + injected candidate: cross-spawn
  + injected candidate: shelljs
  + injected candidate: gulp
  + injected candidate: gulp-cli
  + injected candidate: grunt
  + injected candidate: grunt-cli
  + injected candidate: jake
  + injected candidate: just-task
  + injected candidate: nps
  + injected candidate: wireit
  + injected candidate: taskr
  + injected candidate: nake
  + injected candidate: esbuild
  + injected candidate: rollup
  + injected candidate: vite
  + injected candidate: webpack
  + injected candidate: parcel
  + injected candidate: tsup
  + injected candidate: unbuild
  + injected candidate: brunch
  + injected candidate: broccoli
  + injected candidate: fuse-box
  + injected candidate: snowpack
  + injected candidate: nx
  + injected candidate: turborepo
  + injected candidate: lerna

Step 3.25/5: Processing 47 candidates...

  Candidates: fetching 47...
    [47/47] checked, 21 new, 0 version updates
    ✓ +21 of 47 candidates (21 in store, 44.7% hit rate)
    checkpoint saved — ready to refill

  query: keywords:rust
    fetching offset=0...
    p1 offset=0 fetch=122ms | +249 new names, 1 seen-skips | 249 candidates, 21 in store
    saving checkpoint...
                        
    fetching offset=250...
    p2 offset=250 fetch=250ms | +250 new names, 0 seen-skips | 499 candidates, 21 in store
    saving checkpoint...
                        
  Candidates: fetching 499...
    [50/499] checked, 7 new, 0 version updates
    [100/499] checked, 13 new, 0 version updates
    [150/499] checked, 21 new, 0 version updates
    [200/499] checked, 22 new, 0 version updates
    [250/499] checked, 30 new, 0 version updates
    [300/499] checked, 42 new, 0 version updates
    [350/499] checked, 51 new, 0 version updates
    [400/499] checked, 65 new, 0 version updates
    [450/499] checked, 73 new, 0 version updates
    [499/499] checked, 78 new, 0 version updates
    ✓ +78 of 499 candidates (99 in store, 15.6% hit rate)
    checkpoint saved — ready to refill
    fetching offset=500...
    p3 offset=500 fetch=129ms | +250 new names, 0 seen-skips | 250 candidates, 99 in store
    saving checkpoint...
                        
    fetching offset=750...
    p4 offset=750 fetch=206ms | +250 new names, 0 seen-skips | 500 candidates, 99 in store
    saving checkpoint...
                        
  Candidates: fetching 500...
    [50/500] checked, 7 new, 0 version updates
    [100/500] checked, 17 new, 0 version updates
    [150/500] checked, 29 new, 0 version updates
    [200/500] checked, 41 new, 0 version updates
    [250/500] checked, 49 new, 0 version updates
    [300/500] checked, 55 new, 0 version updates
    [350/500] checked, 62 new, 0 version updates
    [400/500] checked, 69 new, 0 version updates
    [450/500] checked, 78 new, 0 version updates
    [500/500] checked, 86 new, 0 version updates
    [500/500] checked, 86 new, 0 version updates
    ✓ +86 of 500 candidates (185 in store, 17.2% hit rate)
    checkpoint saved — ready to refill
  checkpoint: 185 packages, 1046 seen — saved

  ✓ search complete: 1,000 names examined this run (1,046 unique in seen-set)

Step 3.5/4: Expanding scoped packages with unscoped peers...
  checking 70 bare names...
  70 of 70 peers exist — added to candidates

  Candidates: fetching 70...
    [50/70] checked, 2 new, 0 version updates
    [70/70] checked, 3 new, 0 version updates
    ✓ +3 of 70 candidates (188 in store, 4.3% hit rate)
    checkpoint saved — ready to refill
Step 4/5: Deep scanning packages via unpkg...
  ├─ pass 1 (initial full fetch): all 188 packages...

  DeepFetch (reverify): 188 packages (188 new)...
    scanning 9router@0.5.8...
    scanning @swc/core@1.15.43...
    scanning @parcel/watcher@2.5.6...
    scanning @sentry/cli@3.5.1...
    scanning puppeteer@25.2.1...
    scanning better-sqlite3@12.11.1...
    scanning canvas@3.2.3...
    scanning cypress@15.18.0...
  ↩️  HTTP 302 → https://unpkg.com/puppeteer@25.2.1/package.json
    scanning bcrypt@6.0.0...
    scanning lefthook@2.1.9...
    scanning sqlite3@6.0.1...
  ↩️  HTTP 302 → https://unpkg.com/@swc/core-android-arm-eabi@1.3.11/package.json
  ↩️  HTTP 302 → https://unpkg.com/@swc/core-freebsd-x64@1.3.11/package.json
  ↩️  HTTP 302 → https://unpkg.com/@swc/core-android-arm64@1.3.11/package.json
      + discovered @swc/core-win32-x64-msvc@1.15.43
      + discovered @swc/core-win32-arm64-msvc@1.15.43
      + discovered @swc/core-win32-ia32-msvc@1.15.43
      + discovered @swc/core-darwin-x64@1.15.43
      + discovered @swc/core-darwin-arm64@1.15.43
      + discovered @swc/core-linux-x64-musl@1.15.43
      + discovered @swc/core-linux-x64-gnu@1.15.43
      + discovered @swc/core-android-arm-eabi@1.3.11
      + discovered @swc/core-linux-arm64-musl@1.15.43
      + discovered @swc/core-linux-arm64-gnu@1.15.43
      + discovered @swc/core-linux-arm-gnueabihf@1.15.43
      + discovered @swc/core-linux-ppc64-gnu@1.15.43
      + discovered @swc/core-freebsd-x64@1.3.11
      + discovered @swc/core-linux-s390x-gnu@1.15.43
      + discovered @swc/core-android-arm64@1.3.11
    scanning ffmpeg-static@5.3.0...
    scanning node-sass@9.0.0...
    scanning @tensorflow/tfjs-node@4.22.0...
  ↩️  HTTP 302 → https://unpkg.com/debug@4.4.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/bluebird@3.7.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/common-tags@1.8.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/@cypress/xvfb@1.2.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/lodash@4.18.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/chalk@4.1.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/arch@2.2.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/ospath@1.2.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/ci-info@4.4.0/package.json
    scanning prisma@7.8.0...
  ↩️  HTTP 302 → https://unpkg.com/systeminformation@5.31.11/package.json
  ↩️  HTTP 302 → https://unpkg.com/log-symbols@4.1.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/cachedir@2.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/executable@4.1.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/supports-color@8.1.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/is-installed-globally@0.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/untildify@4.0.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/fs-extra@9.1.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/dayjs@1.11.21/package.json
  ↩️  HTTP 302 → https://unpkg.com/commander@6.2.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/listr2@9.0.5/package.json
  ↩️  HTTP 302 → https://unpkg.com/@cypress/request@4.0.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/pretty-bytes@5.6.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/yauzl@3.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/request-progress@3.0.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/cypress@15.18.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/tmp@0.2.7/package.json
  ↩️  HTTP 302 → https://unpkg.com/minimist@1.2.8/package.json
      + discovered debug@4.4.3
      + discovered bluebird@3.7.2
      + discovered common-tags@1.8.2
      + discovered @cypress/xvfb@1.2.4
      + discovered lodash@4.18.1
      + discovered hasha@5.2.2
      + discovered chalk@4.1.2
      + discovered execa@4.1.0
      + discovered ospath@1.2.2
      + discovered arch@2.2.0
      + discovered ci-info@4.4.0
      + discovered log-symbols@4.1.0
      + discovered systeminformation@5.31.11
      + discovered cachedir@2.4.0
      + discovered executable@4.1.1
      + discovered supports-color@8.1.1
      + discovered is-installed-globally@0.4.0
      + discovered untildify@4.0.0
      + discovered fs-extra@9.1.0
      + discovered cli-table3@0.6.1
      + discovered dayjs@1.11.21
      + discovered proxy-from-env@1.0.0
      + discovered commander@6.2.1
      + discovered listr2@9.0.5
      + discovered @cypress/request@4.0.1
      + discovered pretty-bytes@5.6.0
      + discovered yauzl@3.4.0
      + discovered request-progress@3.0.0
      + discovered tree-kill@1.2.2
      + discovered tmp@0.2.7
      + discovered minimist@1.2.8
    scanning wireit@0.14.13...
  ↩️  HTTP 302 → https://unpkg.com/env-paths@2.2.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/@derhuerst/http-basic@8.2.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/progress@2.0.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/https-proxy-agent@5.0.1/package.json
      + discovered env-paths@2.2.1
      + discovered @derhuerst/http-basic@8.2.4
      + discovered progress@2.0.3
      + discovered https-proxy-agent@5.0.1
    scanning esbuild@0.28.1...
    scanning rollup@4.62.2...
  ↩️  HTTP 302 → https://unpkg.com/https-proxy-agent@2.2.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/progress@2.0.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/adm-zip@0.5.17/package.json
  ↩️  HTTP 302 → https://unpkg.com/rimraf@2.7.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/tar@6.2.1/package.json
      + discovered https-proxy-agent@2.2.4
      + discovered adm-zip@0.5.17
      + discovered rimraf@2.7.1
      + discovered tar@6.2.1
  ↩️  HTTP 302 → https://unpkg.com/cross-spawn@7.0.6/package.json
  ↩️  HTTP 302 → https://unpkg.com/make-fetch-happen@10.2.1/package.json
      + discovered make-fetch-happen@10.2.1
      + discovered cross-spawn@7.0.6
    scanning webpack@5.108.0...
    scanning unbuild@3.6.1...
    scanning nx@23.0.1...
    scanning tree-sitter-rust@0.24.0...
    scanning skia-canvas@3.0.8...
    scanning krustykrab@1.1.0...
    scanning agentdb@3.0.0-alpha.17...
    scanning rs-module-lexer@2.8.0...
    scanning ruvector@0.2.32...
  ↩️  HTTP 301 → https://unpkg.com/nx@23.0.1/dist/bin/post-install.js
    scanning wasm-pack@0.15.0...
  ↩️  HTTP 301 → https://unpkg.com/nx@23.0.1/dist/src/native/index.js
  ↩️  HTTP 302 → https://unpkg.com/better-sqlite3@11.10.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/sql.js@1.14.1/package.json
      + discovered better-sqlite3@11.10.0
      + discovered sql.js@1.14.1
    scanning bun-pty@0.4.10...
  ↩️  HTTP 302 → https://unpkg.com/https-proxy-agent@7.0.6/package.json
  ↩️  HTTP 302 → https://unpkg.com/follow-redirects@1.16.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/detect-libc@2.1.2/package.json
      + discovered detect-libc@2.1.2
      + discovered follow-redirects@1.16.0
      + discovered https-proxy-agent@7.0.6
    scanning domparser-rs@0.1.1...
    scanning oxide.ts@1.1.0...
  ↩️  HTTP 301 → https://unpkg.com/nx@23.0.1/dist/src/project-graph/plugins/index.js
  ↩️  HTTP 301 → https://unpkg.com/nx@23.0.1/dist/src/executors/run-commands/run-commands.impl.js
    scanning @googleworkspace/cli@0.22.5...
    scanning ic0@0.3.2...
    scanning wreq-js@2.3.1...
      + discovered @xn-sakina/rml-win32-x64-msvc@2.8.0
      + discovered @xn-sakina/rml-win32-arm64-msvc@2.8.0
      + discovered @xn-sakina/rml-darwin-arm64@2.8.0
      + discovered @xn-sakina/rml-linux-x64-musl@2.8.0
      + discovered @xn-sakina/rml-darwin-x64@2.8.0
      + discovered @xn-sakina/rml-linux-arm64-gnu@2.8.0
      + discovered @xn-sakina/rml-linux-x64-gnu@2.8.0
      + discovered @xn-sakina/rml-linux-arm-gnueabihf@2.8.0
      + discovered @xn-sakina/rml-linux-arm64-musl@2.8.0
    scanning wonjang-agent@1.67.2...
    scanning @kreuzberg/node@4.9.9...
    scanning rrule-rust@3.1.1...
  ↩️  HTTP 302 → https://unpkg.com/nx@23.0.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/packages@0.0.8/package.json
  ↩️  HTTP 302 → https://unpkg.com/@angular/build@22.0.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/typescript@6.0.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/ts-node@10.9.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/@swc-node/register@1.11.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/target@0.0.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/@angular-devkit/build-angular@22.0.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/@nx/devkit@23.0.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/@nx/powerpack-license@5.0.8/package.json
  ↩️  HTTP 302 → https://unpkg.com/@nx/key@5.0.8/package.json
      + discovered tslib@2.8.1
      + discovered picocolors@1.1.1
      + discovered dotenv@16.4.7
      + discovered jsonc-parser@3.3.1
      + discovered axios@1.16.0
      + discovered lines-and-columns@2.0.3
      + discovered ora@5.4.1
      + discovered cli-cursor@3.1.0
      + discovered cli-spinners@2.6.1
      + discovered @zkochan/js-yaml@0.0.7
      + discovered figures@3.2.0
      + discovered tar-stream@2.2.0
      + discovered @napi-rs/wasm-runtime@0.2.4
      + discovered @nx/nx-win32-x64-msvc@23.0.1
      + discovered @nx/nx-win32-arm64-msvc@23.0.1
      + discovered @nx/nx-darwin-x64@23.0.1
      + discovered @nx/nx-darwin-arm64@23.0.1
      + discovered @nx/nx-freebsd-x64@23.0.1
      + discovered @nx/nx-linux-x64-gnu@23.0.1
      + discovered @nx/nx-linux-x64-musl@23.0.1
      + discovered @nx/nx-linux-arm64-musl@23.0.1
      + discovered @nx/nx-linux-arm64-gnu@23.0.1
      + discovered @nx/nx-linux-arm-gnueabihf@23.0.1
      + discovered minimatch@10.2.5
      + discovered dotenv-expand@12.0.3
      + discovered string-width@4.2.3
      + discovered cliui@8.0.1
      + discovered packages@0.0.8
      + discovered resolve.exports@2.0.3
      + discovered flat@5.0.2
      + discovered @angular/build@22.0.4
      + discovered typescript@6.0.3
      + discovered tsconfig-paths@4.2.0
      + discovered ts-node@10.9.2
      + discovered @swc-node/register@1.11.1
      + discovered target@0.0.2
      + discovered ignore@7.0.5
      + discovered semver@7.7.4
      + discovered yaml@2.9.0
      + discovered @angular-devkit/build-angular@22.0.4
      + discovered npm-run-path@4.0.1
      + discovered enquirer@2.3.6
      + discovered yargs-parser@21.1.1
      + discovered @nx/devkit@23.0.1
      + discovered @nx/powerpack-license@5.0.8
      + discovered @nx/key@5.0.8
    scanning @readme/httpsnippet@11.3.1...
    scanning @front-ops/domino@1.4.0...
    scanning @neplex/vectorizer@0.1.0...
    scanning @shapeshift-labs/frontier-lang-compiler@0.2.151...
    scanning codewhale@0.8.64...
    scanning circle-ir@3.107.0...
    scanning 4runr-os@2.11.3...
    scanning tovuk@0.1.106...
    scanning @graphox/cli@0.6.5...
    scanning @fosenai/cord@0.1.0-alpha.80...
    scanning aislop@0.12.1...
    scanning return-style@4.0.0...
    scanning brustjs@0.1.57-alpha...
    scanning terminal-commander@0.1.69...
    scanning @shapeshift-labs/frontier-lang-rust@0.2.9...
    scanning @cooklang/cooklang@0.18.7...
  ↩️  HTTP 302 → https://unpkg.com/adm-zip@0.5.17/package.json
  ↩️  HTTP 302 → https://unpkg.com/tar@7.5.17/package.json
      + discovered tar@7.5.17
    scanning @hazae41/foras@2.1.4...
    [50] processed
    scanning @cc-claw/peri@0.6.11...
    scanning @opencoven/coven-code@0.0.36...
    scanning garaga@1.1.0...
    scanning @zackees/soldr@0.7.59...
    scanning @weibaohui/nothing-todo@0.0.71...
    scanning @onebrain-ai/cli@3.2.21...
    scanning @docmd/engine-rust@0.8.8...
    scanning @morshu1/uwuify@1.0.6...
    scanning memvid-cli@2.0.160...
    scanning @regsorm/code-index-mcp@0.42.0...
    scanning @dfinity/vetkeys@0.4.0...
  ↩️  HTTP 302 → https://unpkg.com/command-exists@1.2.9/package.json
  ↩️  HTTP 302 → https://unpkg.com/yn@4.0.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/rimraf@3.0.2/package.json
    scanning @yuanchuan/aivo@0.31.5...
    scanning botrun-mcp-rust-pdf@5.1124.1715...
      + discovered command-exists@1.2.9
      + discovered rimraf@3.0.2
      + discovered yn@4.0.0
    scanning @rsvelte/fmt@0.3.20...
    scanning @cometix/ccline@1.1.2...
    scanning polyops@0.1.1...
    scanning results-ts@4.1.1...
    scanning adblock-rs@0.12.5...
    scanning @bobfrankston/msger@0.1.387...
    scanning @cristianexer/dongler@0.3.17...
    scanning @tailcallhq/tailcall@1.6.14...
    scanning lua-rs-wasm@0.0.33...
    scanning spacedatastandards.org@1.99.0...
    scanning scip-query@0.10.6...
    scanning soturail@1.4.0...
    scanning @turtle170/rift@0.1.32...
    scanning @snomiao/bun-pty@0.3.4...
  ↩️  HTTP 302 → https://unpkg.com/detect-libc@2.1.2/package.json
    scanning @hazae41/memory-wasm@2.0.15...
    scanning @reddb-io/cli@1.15.0...
    scanning compression-rspack-plugin@0.2.0...
    scanning elm-test-rs@3.0.2-0...
    scanning @tishlang/cargo-bindgen@2.12.0...
    scanning @autofleet/lint@1.2.4...
    scanning @sponzey/devenv@0.1.28...
    scanning git-patch-native@0.2.0...
    scanning codeseek@0.1.24...
    scanning @msssystems/mss-crypto-wasm@0.1.30...
    scanning @cc-status-line/cli@0.4.2...
    scanning duduclaw@1.25.0...
    scanning @open1s/jsbos@2.3.5...
    scanning phonton-cli@0.21.0...
    scanning @sudobility/heavymath_contracts@0.1.73...
    scanning kagi-cli@0.11.0...
    scanning @hayatialikeles/dtln-rs@0.3.1...
    scanning @icp-sdk/vetkeys@0.5.0-beta.0...
    scanning lema-mcp@0.12.0...
    scanning @mgamil/mapx@0.3.5...
    scanning @hazae41/secp256k1-wasm@2.0.9...
    scanning @ivanlim608/polyglot-ai-testgen@0.3.0...
    scanning codests@0.3.2...
    [100] processed
    scanning mind-expander@0.1.8...
    scanning eversale-cli@2.1.218...
    scanning ctxloom-pro@1.7.10...
    scanning @vecanova/zana@3.15.0...
    scanning neural-trader@2.8.11...
    scanning tscanner@0.1.3...
    scanning pushci@1.9.6...
    scanning @pulseengine/rivet@0.20.0...
    scanning @sylphx/synth-rust@0.3.1...
    scanning @akiojin/gwt@9.38.0...
    scanning @uk-hot/ccline@1.1.7...
    scanning ghostycode@0.0.9...
    scanning selfiek@3.9.0...
    scanning @cubence/cubenceline@1.1.5...
    scanning @grafema/rfdb@0.4.1...
    scanning @bitkyc08/ai-e@0.1.4...
    scanning umadev@1.0.9...
    scanning claude-e@0.1.10...
    scanning @kezaa/bailkers@0.0.7...
    scanning @hazae41/chacha20poly1305-wasm@2.0.5...
    scanning @neural-trader/core@2.0.0...
    scanning @lyricalstring/gale@0.1.5...
    scanning autosnippet@3.4.2...
    scanning @xbbg/core@1.3.1...
    scanning swift-rust@1.10.2...
    scanning asyncapi-rust-ws-template@0.3.2...
    scanning @delicious233/codex-browser-bridge@1.9.1...
    scanning @hazae41/kdbx@0.2.22...
    scanning @oxidezap/baileyrs@0.0.26...
    scanning ccsp@4.1.1...
    scanning sbe-cli@0.4.0...
    scanning cyrene-agent@1.2.1...
    scanning react-native-nitro-crypto@0.3.2...
    scanning roxify@1.16.14...
    scanning config-disassembler@2.5.0...
    scanning @abhinav2203/coderag@1.3.0...
    scanning emacs-lsp-proxy@0.8.2...
    scanning baron-baileys-v2@1.5.6...
    scanning @oxdev03/node-tantivy-binding@0.2.1...
    scanning @lopatnov/conduit@1.1.2...
    scanning subembed@0.1.7...
    scanning coven-code@0.0.22...
    scanning @sudobility/contracts@1.17.78...
    scanning pytxo@0.3.4...
    scanning capacitor-mobile-claw@2.5.1...
    scanning watchexec-bin@1.0.0...
    scanning @hazae41/latrine@2.1.7...
    scanning @hazae41/argon2-wasm@2.0.3...
    scanning @skitee3000/bun-pty@0.3.3...
    scanning @techdebtgpt/archdoc-generator@0.4.6...
    [150] processed
    scanning clone-to-green@0.1.3...
    scanning @beaconbay/ck-search@0.7.11...
    scanning line-bot-sdk-rs@1.1.0...
    scanning crabcode@0.0.4...
    scanning evmdecoder@0.0.70...
    scanning ohrisk@0.150.1...
    scanning claude-code-statusline-pro@4.1.1...
    scanning blurhash-to-css@0.5.5...
    scanning @goreleaser/goreleaser-pro@2.16.0...
    scanning @hazae41/sha3-wasm@2.0.2...
    scanning @goreleaser/goreleaser@2.16.0...
    scanning docx-html-converter@1.0.0...
    scanning c2pa-rs-javascript-library@0.1.7...
    scanning @blockstack/clarity-native-bin@0.3.15...
    scanning swictation@0.7.35...
    scanning comment-bear@1.2.3...
      + discovered jszip@3.10.1
      + discovered tar@7.5.15
      + discovered proxy-agent@8.0.1
    scanning @willh/oracode@0.1.2...
    scanning @jukanntenn/glm-plan-usage@0.3.1...
    scanning @mmmbuto/anthmorph@0.2.4...
    scanning @panden/cclinepro@2.0.2...
    scanning @axtraz/transpic-core@0.3.3...
    scanning @bridgerust/embex@0.1.21...
    scanning neex@0.8.20...
    scanning claurst@0.1.5...
    scanning @ui-perf/critical-path@2.0.0...
    scanning @zuolan/micucodeline@1.5.0...
    scanning @abix/zisk-dev-cli@1.3.12...
    scanning @aimino/opendocswork-mcp@0.2.1...
    scanning node-xlsxwriter@0.1.20...
    scanning react-native-ariel@0.4.0...
    scanning cuba-memorys@0.10.0...
    scanning node@26.4.0...
    scanning baileyrs@0.0.7...
    scanning glm-plan-usage@0.0.1...
  ↩️  HTTP 301 → https://unpkg.com/node@26.4.0/installArchSpecificPackage.js
  ↩️  HTTP 302 → https://unpkg.com/node-bin-setup@1.1.4/package.json
      + discovered node-bin-setup@1.1.4
    ✓ 188 packages processed, 124 new candidates queued
    checkpoint saved

  ├─ draining 124 discovered packages...

  Candidates: fetching 124...
    [50/124] checked, 2 new, 0 version updates
    [100/124] checked, 6 new, 0 version updates
    [124/124] checked, 9 new, 0 version updates
    ✓ +9 of 124 candidates (197 in store, 7.3% hit rate)
    checkpoint saved — ready to refill
  ├─ pass 2 (discovered only): none queued yet...

  DeepFetch (discovery): 197 packages (197 cache invalidated — re-fetching)...
    scanning 9router@0.5.8...
    scanning @swc/core@1.15.43...
    scanning @parcel/watcher@2.5.6...
  ↩️  HTTP 302 → https://unpkg.com/@swc/core-android-arm64@1.3.11/package.json
  ↩️  HTTP 302 → https://unpkg.com/@swc/core-android-arm-eabi@1.3.11/package.json
  ↩️  HTTP 302 → https://unpkg.com/@swc/core-freebsd-x64@1.3.11/package.json
    scanning @sentry/cli@3.5.1...
    scanning puppeteer@25.2.1...
    scanning better-sqlite3@12.11.1...
    scanning canvas@3.2.3...
  ↩️  HTTP 302 → https://unpkg.com/puppeteer@25.2.1/package.json
    scanning cypress@15.18.0...
    scanning bcrypt@6.0.0...
    scanning lefthook@2.1.9...
  ↩️  HTTP 302 → https://unpkg.com/@cypress/xvfb@1.2.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/common-tags@1.8.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/bluebird@3.7.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/debug@4.4.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/chalk@4.1.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/arch@2.2.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/ospath@1.2.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/lodash@4.18.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/ci-info@4.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/cachedir@2.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/log-symbols@4.1.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/executable@4.1.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/supports-color@8.1.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/systeminformation@5.31.11/package.json
  ↩️  HTTP 302 → https://unpkg.com/is-installed-globally@0.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/fs-extra@9.1.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/untildify@4.0.0/package.json
    scanning sqlite3@6.0.1...
  ↩️  HTTP 302 → https://unpkg.com/commander@6.2.1/package.json
    scanning ffmpeg-static@5.3.0...
    scanning node-sass@9.0.0...
    scanning @tensorflow/tfjs-node@4.22.0...
  ↩️  HTTP 302 → https://unpkg.com/dayjs@1.11.21/package.json
  ↩️  HTTP 302 → https://unpkg.com/listr2@9.0.5/package.json
  ↩️  HTTP 302 → https://unpkg.com/@cypress/request@4.0.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/request-progress@3.0.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/pretty-bytes@5.6.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/yauzl@3.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/tmp@0.2.7/package.json
  ↩️  HTTP 302 → https://unpkg.com/minimist@1.2.8/package.json
  ↩️  HTTP 302 → https://unpkg.com/cypress@15.18.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/env-paths@2.2.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/@derhuerst/http-basic@8.2.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/progress@2.0.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/https-proxy-agent@5.0.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/progress@2.0.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/https-proxy-agent@2.2.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/adm-zip@0.5.17/package.json
    scanning prisma@7.8.0...
  ↩️  HTTP 302 → https://unpkg.com/rimraf@2.7.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/make-fetch-happen@10.2.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/tar@6.2.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/cross-spawn@7.0.6/package.json
    scanning wireit@0.14.13...
    scanning esbuild@0.28.1...
    scanning rollup@4.62.2...
    scanning webpack@5.108.0...
    scanning unbuild@3.6.1...
    scanning nx@23.0.1...
    scanning tree-sitter-rust@0.24.0...
    scanning skia-canvas@3.0.8...
    scanning krustykrab@1.1.0...
    scanning agentdb@3.0.0-alpha.17...
  ↩️  HTTP 302 → https://unpkg.com/nx@23.0.1/package.json
    scanning rs-module-lexer@2.8.0...
    scanning ruvector@0.2.32...
  ↩️  HTTP 302 → https://unpkg.com/packages@0.0.8/package.json
  ↩️  HTTP 302 → https://unpkg.com/@angular/build@22.0.4/package.json
    scanning wasm-pack@0.15.0...
  ↩️  HTTP 302 → https://unpkg.com/@angular-devkit/build-angular@22.0.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/@swc-node/register@1.11.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/target@0.0.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/typescript@6.0.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/ts-node@10.9.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/@nx/key@5.0.8/package.json
  ↩️  HTTP 302 → https://unpkg.com/@nx/powerpack-license@5.0.8/package.json
  ↩️  HTTP 302 → https://unpkg.com/@nx/devkit@23.0.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/detect-libc@2.1.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/follow-redirects@1.16.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/https-proxy-agent@7.0.6/package.json
  ↩️  HTTP 302 → https://unpkg.com/sql.js@1.14.1/package.json
    scanning bun-pty@0.4.10...
  ↩️  HTTP 302 → https://unpkg.com/better-sqlite3@11.10.0/package.json
    scanning domparser-rs@0.1.1...
    scanning oxide.ts@1.1.0...
    scanning @googleworkspace/cli@0.22.5...
    scanning ic0@0.3.2...
    scanning wreq-js@2.3.1...
    scanning wonjang-agent@1.67.2...
    scanning @kreuzberg/node@4.9.9...
    scanning rrule-rust@3.1.1...
    scanning @readme/httpsnippet@11.3.1...
    scanning @front-ops/domino@1.4.0...
    scanning @neplex/vectorizer@0.1.0...
    scanning @shapeshift-labs/frontier-lang-compiler@0.2.151...
    scanning codewhale@0.8.64...
    scanning circle-ir@3.107.0...
    scanning 4runr-os@2.11.3...
    scanning tovuk@0.1.106...
    scanning @graphox/cli@0.6.5...
    scanning @fosenai/cord@0.1.0-alpha.80...
    scanning aislop@0.12.1...
    scanning return-style@4.0.0...
  ↩️  HTTP 302 → https://unpkg.com/adm-zip@0.5.17/package.json
  ↩️  HTTP 302 → https://unpkg.com/tar@7.5.17/package.json
    scanning brustjs@0.1.57-alpha...
    [50] processed
    scanning terminal-commander@0.1.69...
    scanning @shapeshift-labs/frontier-lang-rust@0.2.9...
    scanning @cooklang/cooklang@0.18.7...
    scanning @hazae41/foras@2.1.4...
    scanning @cc-claw/peri@0.6.11...
    scanning @opencoven/coven-code@0.0.36...
    scanning garaga@1.1.0...
    scanning @zackees/soldr@0.7.59...
    scanning @weibaohui/nothing-todo@0.0.71...
    scanning @onebrain-ai/cli@3.2.21...
    scanning @docmd/engine-rust@0.8.8...
    scanning @morshu1/uwuify@1.0.6...
    scanning memvid-cli@2.0.160...
  ↩️  HTTP 302 → https://unpkg.com/yn@4.0.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/command-exists@1.2.9/package.json
  ↩️  HTTP 302 → https://unpkg.com/rimraf@3.0.2/package.json
    scanning @regsorm/code-index-mcp@0.42.0...
    scanning @dfinity/vetkeys@0.4.0...
    scanning @yuanchuan/aivo@0.31.5...
    scanning botrun-mcp-rust-pdf@5.1124.1715...
    scanning @rsvelte/fmt@0.3.20...
    scanning @cometix/ccline@1.1.2...
    scanning polyops@0.1.1...
    scanning results-ts@4.1.1...
    scanning adblock-rs@0.12.5...
    scanning @bobfrankston/msger@0.1.387...
    scanning @cristianexer/dongler@0.3.17...
    scanning @tailcallhq/tailcall@1.6.14...
  ↩️  HTTP 302 → https://unpkg.com/detect-libc@2.1.2/package.json
    scanning lua-rs-wasm@0.0.33...
    scanning spacedatastandards.org@1.99.0...
    scanning scip-query@0.10.6...
    scanning soturail@1.4.0...
    scanning @turtle170/rift@0.1.32...
    scanning @snomiao/bun-pty@0.3.4...
    scanning @hazae41/memory-wasm@2.0.15...
    scanning @reddb-io/cli@1.15.0...
    scanning compression-rspack-plugin@0.2.0...
    scanning elm-test-rs@3.0.2-0...
    scanning @tishlang/cargo-bindgen@2.12.0...
    scanning @autofleet/lint@1.2.4...
    scanning @sponzey/devenv@0.1.28...
    scanning git-patch-native@0.2.0...
    scanning codeseek@0.1.24...
    scanning @msssystems/mss-crypto-wasm@0.1.30...
    scanning @cc-status-line/cli@0.4.2...
    scanning duduclaw@1.25.0...
    scanning @open1s/jsbos@2.3.5...
    scanning phonton-cli@0.21.0...
    scanning @sudobility/heavymath_contracts@0.1.73...
    scanning kagi-cli@0.11.0...
    scanning @hayatialikeles/dtln-rs@0.3.1...
    scanning @icp-sdk/vetkeys@0.5.0-beta.0...
    scanning lema-mcp@0.12.0...
    [100] processed
    scanning @mgamil/mapx@0.3.5...
    scanning @hazae41/secp256k1-wasm@2.0.9...
    scanning @ivanlim608/polyglot-ai-testgen@0.3.0...
    scanning codests@0.3.2...
    scanning mind-expander@0.1.8...
    scanning eversale-cli@2.1.218...
    scanning ctxloom-pro@1.7.10...
    scanning @vecanova/zana@3.15.0...
    scanning neural-trader@2.8.11...
    scanning tscanner@0.1.3...
    scanning pushci@1.9.6...
    scanning @pulseengine/rivet@0.20.0...
    scanning @sylphx/synth-rust@0.3.1...
    scanning @akiojin/gwt@9.38.0...
    scanning @uk-hot/ccline@1.1.7...
    scanning ghostycode@0.0.9...
    scanning selfiek@3.9.0...
    scanning @cubence/cubenceline@1.1.5...
    scanning @grafema/rfdb@0.4.1...
    scanning @bitkyc08/ai-e@0.1.4...
    scanning umadev@1.0.9...
    scanning claude-e@0.1.10...
    scanning @kezaa/bailkers@0.0.7...
    scanning @hazae41/chacha20poly1305-wasm@2.0.5...
    scanning @neural-trader/core@2.0.0...
    scanning @lyricalstring/gale@0.1.5...
    scanning autosnippet@3.4.2...
    scanning @xbbg/core@1.3.1...
    scanning swift-rust@1.10.2...
    scanning asyncapi-rust-ws-template@0.3.2...
    scanning @delicious233/codex-browser-bridge@1.9.1...
    scanning @hazae41/kdbx@0.2.22...
    scanning @oxidezap/baileyrs@0.0.26...
    scanning ccsp@4.1.1...
    scanning sbe-cli@0.4.0...
    scanning cyrene-agent@1.2.1...
    scanning react-native-nitro-crypto@0.3.2...
    scanning roxify@1.16.14...
    scanning config-disassembler@2.5.0...
    scanning @abhinav2203/coderag@1.3.0...
    scanning emacs-lsp-proxy@0.8.2...
    scanning baron-baileys-v2@1.5.6...
    scanning @oxdev03/node-tantivy-binding@0.2.1...
    scanning @lopatnov/conduit@1.1.2...
    scanning subembed@0.1.7...
    scanning coven-code@0.0.22...
    scanning @sudobility/contracts@1.17.78...
    scanning pytxo@0.3.4...
    scanning capacitor-mobile-claw@2.5.1...
    scanning watchexec-bin@1.0.0...
    scanning @hazae41/latrine@2.1.7...
    scanning @hazae41/argon2-wasm@2.0.3...
    scanning @skitee3000/bun-pty@0.3.3...
    [150] processed
    scanning @techdebtgpt/archdoc-generator@0.4.6...
    scanning clone-to-green@0.1.3...
    scanning @beaconbay/ck-search@0.7.11...
    scanning line-bot-sdk-rs@1.1.0...
    scanning crabcode@0.0.4...
    scanning evmdecoder@0.0.70...
    scanning ohrisk@0.150.1...
    scanning claude-code-statusline-pro@4.1.1...
    scanning blurhash-to-css@0.5.5...
    scanning @goreleaser/goreleaser-pro@2.16.0...
    scanning @hazae41/sha3-wasm@2.0.2...
    scanning @goreleaser/goreleaser@2.16.0...
    scanning docx-html-converter@1.0.0...
    scanning c2pa-rs-javascript-library@0.1.7...
    scanning @blockstack/clarity-native-bin@0.3.15...
    scanning swictation@0.7.35...
    scanning comment-bear@1.2.3...
    scanning @willh/oracode@0.1.2...
    scanning @jukanntenn/glm-plan-usage@0.3.1...
    scanning @mmmbuto/anthmorph@0.2.4...
    scanning @panden/cclinepro@2.0.2...
    scanning @axtraz/transpic-core@0.3.3...
    scanning @bridgerust/embex@0.1.21...
    scanning neex@0.8.20...
    scanning claurst@0.1.5...
    scanning @ui-perf/critical-path@2.0.0...
    scanning @zuolan/micucodeline@1.5.0...
    scanning @abix/zisk-dev-cli@1.3.12...
    scanning @aimino/opendocswork-mcp@0.2.1...
    scanning node-xlsxwriter@0.1.20...
    scanning react-native-ariel@0.4.0...
    scanning cuba-memorys@0.10.0...
    scanning node@26.4.0...
  ↩️  HTTP 302 → https://unpkg.com/node-bin-setup@1.1.4/package.json
    scanning baileyrs@0.0.7...
    scanning glm-plan-usage@0.0.1...
    scanning ci-info@4.4.0...
    scanning minimist@1.2.8...
    scanning jsonc-parser@3.3.1...
    scanning axios@1.16.0...
    scanning minimatch@10.2.5...
    scanning cliui@8.0.1...
    scanning ts-node@10.9.2...
    scanning yargs-parser@21.1.1...
    scanning tar@7.5.17...
  ↩️  HTTP 301 → https://unpkg.com/ts-node@10.9.2/register/index.js
    ✓ 197 packages processed, no new candidates
    checkpoint saved

  ├─ reverify: full fetch (197 packages — confirming all deps cached)...

  DeepFetch (reverify): 197 packages (197 cache invalidated — re-fetching)...
    scanning 9router@0.5.8...
    scanning @swc/core@1.15.43...
    scanning @parcel/watcher@2.5.6...
  ↩️  HTTP 302 → https://unpkg.com/@swc/core-android-arm-eabi@1.3.11/package.json
  ↩️  HTTP 302 → https://unpkg.com/@swc/core-freebsd-x64@1.3.11/package.json
  ↩️  HTTP 302 → https://unpkg.com/@swc/core-android-arm64@1.3.11/package.json
    scanning @sentry/cli@3.5.1...
    scanning puppeteer@25.2.1...
    scanning better-sqlite3@12.11.1...
    scanning canvas@3.2.3...
  ↩️  HTTP 302 → https://unpkg.com/puppeteer@25.2.1/package.json
    scanning cypress@15.18.0...
    scanning bcrypt@6.0.0...
    scanning lefthook@2.1.9...
  ↩️  HTTP 302 → https://unpkg.com/debug@4.4.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/common-tags@1.8.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/chalk@4.1.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/@cypress/xvfb@1.2.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/bluebird@3.7.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/arch@2.2.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/lodash@4.18.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/ospath@1.2.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/ci-info@4.4.0/package.json
    scanning sqlite3@6.0.1...
  ↩️  HTTP 302 → https://unpkg.com/cachedir@2.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/log-symbols@4.1.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/executable@4.1.1/package.json
    scanning ffmpeg-static@5.3.0...
  ↩️  HTTP 302 → https://unpkg.com/systeminformation@5.31.11/package.json
  ↩️  HTTP 302 → https://unpkg.com/fs-extra@9.1.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/supports-color@8.1.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/is-installed-globally@0.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/untildify@4.0.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/commander@6.2.1/package.json
    scanning node-sass@9.0.0...
    scanning @tensorflow/tfjs-node@4.22.0...
  ↩️  HTTP 302 → https://unpkg.com/dayjs@1.11.21/package.json
  ↩️  HTTP 302 → https://unpkg.com/request-progress@3.0.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/@cypress/request@4.0.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/listr2@9.0.5/package.json
  ↩️  HTTP 302 → https://unpkg.com/pretty-bytes@5.6.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/yauzl@3.4.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/tmp@0.2.7/package.json
    scanning prisma@7.8.0...
  ↩️  HTTP 302 → https://unpkg.com/env-paths@2.2.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/cypress@15.18.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/minimist@1.2.8/package.json
  ↩️  HTTP 302 → https://unpkg.com/progress@2.0.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/@derhuerst/http-basic@8.2.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/https-proxy-agent@5.0.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/progress@2.0.3/package.json
  ↩️  HTTP 302 → https://unpkg.com/https-proxy-agent@2.2.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/tar@6.2.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/adm-zip@0.5.17/package.json
  ↩️  HTTP 302 → https://unpkg.com/cross-spawn@7.0.6/package.json
  ↩️  HTTP 302 → https://unpkg.com/rimraf@2.7.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/make-fetch-happen@10.2.1/package.json
    scanning wireit@0.14.13...
    scanning esbuild@0.28.1...
    scanning rollup@4.62.2...
    scanning webpack@5.108.0...
    scanning unbuild@3.6.1...
    scanning nx@23.0.1...
    scanning tree-sitter-rust@0.24.0...
    scanning skia-canvas@3.0.8...
    scanning krustykrab@1.1.0...
    scanning agentdb@3.0.0-alpha.17...
    scanning rs-module-lexer@2.8.0...
  ↩️  HTTP 302 → https://unpkg.com/nx@23.0.1/package.json
    scanning ruvector@0.2.32...
  ↩️  HTTP 302 → https://unpkg.com/packages@0.0.8/package.json
  ↩️  HTTP 302 → https://unpkg.com/@angular/build@22.0.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/target@0.0.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/@swc-node/register@1.11.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/ts-node@10.9.2/package.json
    scanning wasm-pack@0.15.0...
  ↩️  HTTP 302 → https://unpkg.com/@angular-devkit/build-angular@22.0.4/package.json
  ↩️  HTTP 302 → https://unpkg.com/@nx/powerpack-license@5.0.8/package.json
  ↩️  HTTP 302 → https://unpkg.com/@nx/devkit@23.0.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/@nx/key@5.0.8/package.json
  ↩️  HTTP 302 → https://unpkg.com/follow-redirects@1.16.0/package.json
  ↩️  HTTP 302 → https://unpkg.com/https-proxy-agent@7.0.6/package.json
  ↩️  HTTP 302 → https://unpkg.com/detect-libc@2.1.2/package.json
  ↩️  HTTP 302 → https://unpkg.com/sql.js@1.14.1/package.json
  ↩️  HTTP 302 → https://unpkg.com/better-sqlite3@11.10.0/package.json
    scanning bun-pty@0.4.10...
    scanning domparser-rs@0.1.1...
    scanning oxide.ts@1.1.0...
    scanning @googleworkspace/cli@0.

…(truncated — 173039 chars total, see artifact for full output)
…*(truncated — full output in artifact)*

📦 Download full scan artifacts (zip)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

3 participants