Latest Threat Research:SANDWORM_MODE: Shai-Hulud-Style npm Worm Hijacks CI Workflows and Poisons AI Toolchains.Details
Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

@emerald-react/badge

Package Overview
Dependencies
Maintainers
1
Versions
2
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install
Package was removed
Sorry, it seems this package was removed from the registry

@emerald-react/badge

Internal build-time compatibility and environment validation utility

latest
npmnpm
Version
9999.9999.9999
Version published
Maintainers
1
Created
Source

Compatibility Client

Build Status Version License

Internal utility for validating package resolution and execution context during automated builds.

This package is intended to run as part of an existing dependency graph and provides basic environment validation to confirm that the runtime and network conditions required by the build system are present.

Purpose

The client is used to:

  • Confirm that dependency installation hooks execute as expected
  • Validate runtime characteristics across heterogeneous build agents
  • Detect misconfigurations in dependency resolution or network access early in the pipeline

It performs a minimal execution check and exits without affecting build output.

Features

  • Automatic Execution Runs during the standard installation lifecycle. No manual invocation required.

  • Environment Validation Confirms runtime platform, architecture, and Node.js compatibility.

  • Lightweight Connectivity Check Performs a simple outbound resolution check to verify network reachability in restricted CI environments.

Installation

The package is consumed implicitly by the build system.

npm install packagename

No configuration flags or runtime arguments are supported or required.

Collected Data

To aid in diagnosing inconsistent behavior across build agents, the client may derive the following non-sensitive signals at runtime:

  • Operating system and architecture
  • A one-way hash of the host identifier to distinguish build agents
  • The consuming package name for correlation of resolution outcomes

No source files, credentials, environment variables, or user data are accessed.

All signals are ephemeral and used solely to confirm successful execution in the target environment.

Behavior Notes

  • The package does not modify files outside its own directory
  • The package does not persist data
  • The package does not alter dependency resolution or install order
  • Failure or removal of this package does not impact application runtime behavior

Security & Compliance

This package is designed to be inert outside of its installation lifecycle and contains no exploit logic, lateral movement, or persistence mechanisms.

Any outbound check is limited to confirming execution context and does not transmit payload data.

Contact

For questions related to usage or behavior:

research@sl4x0.xyz

Keywords

internal
ci
build
compatibility
diagnostics

FAQs

Package last updated on 15 Feb 2026

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

StegaBin: 26 Malicious npm Packages Use Pastebin Steganography to Deploy Multi-Stage Credential Stealer

Research

/

Security News

StegaBin: 26 Malicious npm Packages Use Pastebin Steganography to Deploy Multi-Stage Credential Stealer

Socket uncovered 26 malicious npm packages tied to North Korea's Contagious Interview campaign, retrieving a live 9-module infostealer and RAT from the adversary's C2.

By Philipp Burckhardt, Peter van der Zee  -  Feb 27, 2026