@tscircuit/eval
Evaluate code in a full tscircuit runtime environment, including Sucrase transpilation and execution, so you just need to send the code to be executed with automatic handling of imports from `@tsci/*`
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| npm-metadata | url-dep:@tscircuit/jlcpcb-manufacturing-specs | AI (npm-metadata): SHA-pinned devDependency only; not shipped to consumers, and SHA pinning is actually more secure than semver. | ai | |
| source-diff | encoded-string-file:dist/webworker/entrypoint.js | AI (source-diff): Minified bundled SVG/chart code in webworker entrypoint; not an obfuscated payload, stable pattern for this package. | ai | |
| install-scripts | install-script:postinstall | AI (install-scripts): Postinstall runs a local version-copy script and bun install --ignore-scripts; no external fetch or malicious behavior. | ai | |
| source-diff | encoded-string-file:dist/blob-url.js | AI (source-diff): dist/blob-url.js is intentionally built by build:blob-url script to embed a Web Worker as a base64 blob URL. The encoded content is standard ESM bundler boilerplate, not a malicious payload. Stable pattern for this package. | ai |
Versions (showing 100 of 763)
| Version | Deps | Published |
|---|---|---|
| 0.0.301 | 0 / 53 | |
| 0.0.300 | 0 / 53 | |
| 0.0.299 | 0 / 52 | |
| 0.0.298 | 0 / 52 | |
| 0.0.297 | 0 / 52 | |
| 0.0.296 | 0 / 52 | |
| 0.0.295 | 0 / 52 | |
| 0.0.294 | 0 / 52 | |
| 0.0.293 | 0 / 53 | |
| 0.0.292 | 0 / 53 | |
| 0.0.291 | 0 / 52 | |
| 0.0.290 | 0 / 52 | |
| 0.0.289 | 0 / 52 | |
| 0.0.288 | 0 / 51 | |
| 0.0.287 | 0 / 51 | |
| 0.0.286 | 0 / 51 | |
| 0.0.285 | 0 / 51 | |
| 0.0.284 | 0 / 51 | |
| 0.0.283 | 0 / 51 | |
| 0.0.282 | 0 / 51 | |
| 0.0.281 | 0 / 51 | |
| 0.0.280 | 0 / 50 | |
| 0.0.279 | 0 / 50 | |
| 0.0.278 | 0 / 50 | |
| 0.0.277 | 0 / 50 | |
| 0.0.276 | 0 / 50 | |
| 0.0.275 | 0 / 50 | |
| 0.0.274 | 0 / 50 | |
| 0.0.273 | 0 / 49 | |
| 0.0.272 | 0 / 49 | |
| 0.0.271 | 0 / 49 | |
| 0.0.270 | 0 / 49 | |
| 0.0.269 | 0 / 49 | |
| 0.0.268 | 0 / 49 | |
| 0.0.267 | 0 / 49 | |
| 0.0.266 | 0 / 49 | |
| 0.0.265 | 0 / 49 | |
| 0.0.264 | 0 / 49 | |
| 0.0.263 | 0 / 48 | |
| 0.0.262 | 0 / 48 | |
| 0.0.261 | 0 / 48 | |
| 0.0.260 | 0 / 48 | |
| 0.0.259 | 0 / 48 | |
| 0.0.258 | 0 / 48 | |
| 0.0.257 | 0 / 48 | |
| 0.0.256 | 0 / 48 | |
| 0.0.255 | 0 / 48 | |
| 0.0.254 | 0 / 48 | |
| 0.0.253 | 0 / 48 | |
| 0.0.252 | 0 / 48 | |
| 0.0.251 | 0 / 17 | |
| 0.0.250 | 0 / 17 | |
| 0.0.249 | 0 / 17 | |
| 0.0.248 | 0 / 17 | |
| 0.0.247 | 0 / 17 | |
| 0.0.246 | 0 / 17 | |
| 0.0.245 | 0 / 17 | |
| 0.0.244 | 0 / 17 | |
| 0.0.243 | 0 / 17 | |
| 0.0.242 | 0 / 16 | |
| 0.0.241 | 0 / 16 | |
| 0.0.240 | 0 / 16 | |
| 0.0.239 | 0 / 16 | |
| 0.0.238 | 0 / 16 | |
| 0.0.237 | 0 / 16 | |
| 0.0.236 | 0 / 16 | |
| 0.0.235 | 0 / 16 | |
| 0.0.234 | 0 / 16 | |
| 0.0.233 | 0 / 16 | |
| 0.0.232 | 0 / 16 | |
| 0.0.231 | 0 / 16 | |
| 0.0.230 | 0 / 16 | |
| 0.0.229 | 0 / 16 | |
| 0.0.228 | 0 / 16 | |
| 0.0.227 | 0 / 16 | |
| 0.0.226 | 0 / 16 | |
| 0.0.225 | 0 / 16 | |
| 0.0.224 | 0 / 16 | |
| 0.0.223 | 0 / 16 | |
| 0.0.222 | 0 / 16 | |
| 0.0.221 | 0 / 16 | |
| 0.0.220 | 0 / 16 | |
| 0.0.219 | 0 / 16 | |
| 0.0.218 | 0 / 16 | |
| 0.0.217 | 0 / 16 | |
| 0.0.216 | 0 / 15 | |
| 0.0.215 | 0 / 15 | |
| 0.0.214 | 0 / 15 | |
| 0.0.213 | 0 / 15 | |
| 0.0.212 | 0 / 15 | |
| 0.0.211 | 0 / 15 | |
| 0.0.210 | 0 / 15 | |
| 0.0.209 | 0 / 15 | |
| 0.0.208 | 0 / 15 | |
| 0.0.207 | 0 / 15 | |
| 0.0.206 | 0 / 15 | |
| 0.0.205 | 0 / 15 | |
| 0.0.204 | 0 / 15 | |
| 0.0.203 | 0 / 15 | |
| 0.0.202 | 0 / 15 |
v0.0.296
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.294
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.291
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.282
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.270
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.263
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.256
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.243
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.241
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.232
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.227
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.210
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.207
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.