Is left-pad safe?
No significant risks found
left-pad is an AI npm_package analyzed by SkillTotal's deterministic static scanner. The scan found no malicious indicators. It can: no notable capabilities — capabilities are what the code can do, not a verdict on intent. Risk score 0/100 (low).
left-pad 1.3.0
npm_package · npm:left-pad
LOW
0
/ 100 risk score
Snapshot · scanned Jul 5, 2026 · left-pad@1.3.0 · engine 0.30.0 / ruleset 28
Automated static-analysis result. It can contain false positives and false negatives, and is not a claim about the intent of left-pad's authors. Report a false positive.
Check your own component
Run the same evidence-backed scan on any MCP server, agent skill, or package.
Scan your own componentOr get notified if this component's risk changes:
How we determine this: deterministic static analysis (regex + AST), evidence-anchored, no code execution. Methodology →