Package evidence

@adplenty-tech/[email protected]

Large Javascript Payload: 5826413 bytes

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Versions published: 233Mature · −50% score
First published: Nov 2024
Publisher: ignas.adplenty

Effective trust discount applied: −50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Review before promoting

Mixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.

Inspect tarball Add to CI gate

Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@adplenty-tech/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@adplenty-tech/[email protected]"],"fail_on":"review"}'

Publisherignas.adplenty

Artifact bytes2,137,560

Previous version1.9.65-beta.fix-libmacro-url-validation.0

Published2026-05-21T07:19:32.351Z

SHA-256a788d1a6d992e4701b2ffb5a3a55d612f9fdcc691903d9738579a23600c6f94e

Why flagged

What the scanner saw

Large Javascript Payload: 5826413 bytes

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

review

18d agoLast checked

reviewRisk

5Score

1.9.65Version

Status history (1 event)

new → available18d ago · risk review · score 5 · status changed

Evidence

Static findings

1 static · 0 from release diff · showing high-signal first.

Severity	Kind	Path	Detail	Points
medium	Large Javascript Payload	package/build/index.js	5826413 bytes	10

Manifest

Package metadata

Scripts8

buildcross-env NODE_ENV=production ./node_modules/.bin/gulp prod
build:linkedconcurrently "npm run build:watch" "npm run build:push"
build:pushnodemon --watch build --ext js,css,html,json --exec "yalc push --changed"
build:watchcross-env NODE_ENV=production ./node_modules/.bin/gulp prod-watch
localcross-env NODE_ENV=local ./node_modules/.bin/gulp dev
previewcross-env NODE_ENV=preview ./node_modules/.bin/gulp prod
pubnpm run build && git add . && npm version patch --force && npm publish --access public && git push --follow-tags
pub:betaBRANCH=$(git rev-parse --abbrev-ref HEAD | sed 's/[^a-zA-Z0-9]/-/g' | tr '[:upper:]' '[:lower:]' | cut -c1-30) && CURRENT_PREID=$(node -p "const version=require('./package.json').version; const prerelease=version.includes('-') ? version.slice(version.indexOf('-') + 1) : ''; prerelease.replace(/\.[0-9]+$/, '')") && npm run build && git add . && if [ "$CURRENT_PREID" = "beta.$BRANCH" ]; then npm version prerelease; else npm version prerelease --preid=beta.$BRANCH; fi && git push --follow-tags && npm publish --tag beta

Dependencies24

@fullcalendar/core^6.1.9
@fullcalendar/daygrid^6.1.9
@fullcalendar/interaction^6.1.9
@fullcalendar/timegrid^6.1.9
@material/slider^14.0.0
angular-animate^1.8.3
angular-aria^1.8.3
angular-cookies^1.8.3
angular-material^1.2.5
angular-material-data-table^0.10.10
angular-moment^1.3.0
angular-nvd3^1.0.9
angular-ui-ace^0.2.3
brace^0.11.1
cropperjs^1.6.1
d3^3.5.6
handlebars^4.7.8
handlebars-helpers^0.10.0
humanize-duration^3.27.3
lodash^4.17.21
ngmap^1.18.5
ngstorage^0.3.11
nvd3^1.8.6
quill^1.3.7