tsdown
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a set of documentation and configuration files for tsdown, a tool designed for bundling TypeScript libraries. The content is educational and technical, containing no malicious code or instructions.
- [COMMAND_EXECUTION]: The documentation describes features like lifecycle hooks (
build:prepare,build:done) and the--on-successCLI flag that allow developers to execute custom commands or scripts during or after the build process. These are legitimate automation features common to build tools. - [EXTERNAL_DOWNLOADS]: The skill includes instructions for installing various npm dependencies (e.g.,
@tsdown/css,lightningcss,unplugin-vue) and mentions that the tool may download Node.js binaries when bundling standalone executables. These references target well-known package registries and official tool infrastructure. - [DATA_EXFILTRATION]: Documentation recipes provide examples of using hooks to upload build outputs to external services like AWS S3 or CDNs. These are standard deployment patterns and are provided as configuration templates for the user.
Audit Metadata