Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Versions published
- 435Mature · −50% score
- First published
- Nov 2020
- Publisher
- adobe-admin
Effective trust discount applied: −50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.
Recommended action
Review before promotingMixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["@adobe/[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["@adobe/[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
Remote Payload
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk review · score 8 · status changed
Evidence
Static findings
3 static · 0 from release diff · showing high-signal first.
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| medium | Remote Payload | package/algolia/index-records.js | — | 12 |
| medium | Remote Payload | package/src/components/Layout/index.js | — | 12 |
Show all 3 findings (low-signal and informational)
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| medium | Remote Payload | package/algolia/index-records.js | — | 12 |
| medium | Remote Payload | package/src/components/Layout/index.js | — | 12 |
| low | Install-time lifecycle script | package.json | — | 5 |
Manifest
Package metadata
Scripts 2
Sign in to view install / lifecycle script contents.
Dependencies90
@adobe/focus-ring-polyfill^0.1.5@adobe/gatsby-source-github-file-contributors^0.3.1@adobe/prism-adobe^1.0.3@emotion/react^11.10.4@loadable/component^5.15.2@mdx-js/mdx1.6.22@mdx-js/react1.6.22@spectrum-css/accordion3.0.24@spectrum-css/actionbutton2.1.7@spectrum-css/actiongroup^2.0.0@spectrum-css/assetlist3.0.24@spectrum-css/badge^1.0.20@spectrum-css/breadcrumb5.0.0@spectrum-css/button6.0.13@spectrum-css/card5.0.0@spectrum-css/checkbox3.1.3@spectrum-css/contextualhelp^2.0.35@spectrum-css/dialog6.0.15@spectrum-css/divider1.0.27@spectrum-css/icon3.0.23@spectrum-css/inlinealert4.0.13@spectrum-css/link3.1.23@spectrum-css/menu4.0.4@spectrum-css/modal3.0.23@spectrum-css/picker1.2.12@spectrum-css/popover5.0.18@spectrum-css/progresscircle1.0.23@spectrum-css/search4.2.12@spectrum-css/sidenav3.0.24@spectrum-css/table4.0.19- …and 60 more.