PkgRadar

Package evidence

@adlfe/[email protected]

Remote Dependency Spec, Oversized Unscanned, New Remote Dependency Vs Previous

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Versions published
9
First published
Feb 2025
Publisher
adlfe

Recommended action

Review before promoting

Mixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.

Add to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@adlfe/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@adlfe/[email protected]"],"fail_on":"review"}'
Publisheradlfe
Artifact bytes62,380,619
Previous version2.10.0
Published2026-02-27T08:24:22.557Z
SHA-256

Why flagged

What the scanner saw

Remote Dependency Spec

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

review
Last checked
reviewRisk
24Score
2.10.2Version
Status history (1 event)
  1. newavailable · risk review · score 24 · status changed

Evidence

Static findings

2 static · 1 from release diff · showing high-signal first.

SeverityKindPathDetailPoints
mediumRemote Dependency Specpackage.json12
mediumNew Remote Dependency Vs Previouspackage.json12
Show all 3 findings (low-signal and informational)
SeverityKindPathDetailPoints
mediumRemote Dependency Specpackage.json12
mediumNew Remote Dependency Vs Previouspackage.json12
lowOversized Unscannedmanifest0

Manifest

Package metadata

Scripts 7

Sign in to view install / lifecycle script contents.

Dependencies41
  • @agm/core~1.1.0
  • @angular/animations~9.0.0
  • @angular/cdk^9.2.4
  • @angular/common~9.0.0
  • @angular/compiler~9.0.0
  • @angular/core~9.0.0
  • @angular/flex-layout^13.0.0-beta.38
  • @angular/forms~9.0.0
  • @angular/localize^9.1.13
  • @angular/material^9.2.4
  • @angular/platform-browser~9.0.0
  • @angular/platform-browser-dynamic~9.0.0
  • @angular/router~9.0.0
  • @ctrl/ngx-emoji-mart^5.1.2
  • @kolkov/angular-editor^1.2.0
  • @ng-bootstrap/ng-bootstrap^9.1.3
  • @types/google.maps~3.48.8
  • @types/jwt-decode^3.1.0
  • angularx-social-login^3.5.7
  • bootstrap^4.5.0
  • chart.js^2.9.4
  • classlist.js^1.1.20150312
  • core-js^2.5.1
  • d3^7.3.0
  • echarts^4.2.1
  • echarts-gl^2.0.9
  • file-saver^2.0.5
  • flowygithub:iammukeshpatel/flowy#support-ie
  • jquery^3.6.0
  • jwt-decode^3.1.2
  • …and 11 more.