Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Weekly downloads
- 1,318Niche · −30% score
- Versions published
- 326Mature · −50% score
- First published
- Nov 2019
- Publisher
- console-fe
Effective trust discount applied: −50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.
Recommended action
Looks clean — keep monitoringNo high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["@alicloud/[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["@alicloud/[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
No high-signal static finding in the saved report.
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk low · score 0 · status changed
Evidence
Static findings
No findings stored for this release.
Manifest
Package metadata
Scripts30
// 单元测试npm run cy:open// 构建被 prepublishOnly 使用bootrm -rf node_modules && npm ibuild-in-localenpm run prepublishOnlybuild:allnpm run check-fusion-version && concurrently --kill-others-on-fail --success all "npm:build:esm" "npm:build:cjs" "npm:build:types" "npm:build:css"build:bundlebreezr build --engine webpackbuild:bundle:xconsolebreezr build --engine webpack --config ./breezr.config.xconsole.jsbuild:cjstsc -p src --outDir build/cjs --module commonjs --declaration false --declarationMap false --sourceMap falsebuild:cssnode ./scripts/build-css.mjsbuild:docxpkg build:docbuild:esmtsc -p src --outDir build/esm --module es2015 --declaration false --declarationMap false --sourceMap falsebuild:typestsc -p src --outDir build/types --declaration --emitDeclarationOnly --declarationMap falsebump-verchangeset pre exit ; changeset add && changeset versionbump-ver:alphachangeset pre exit ; changeset pre enter alpha && changeset add && changeset versionbump-ver:betanpm run update-theme && (changeset pre exit ; changeset pre enter beta) && changeset add && changeset versionchangesetchangesetcheck-fusion-versionnode ./scripts/check-fusion-version.jscleanrm -rf build dist esm lib typescy:opencross-env NODE_ENV=test cypress opendevstorybook dev -p 6006gene-defnode ./scripts/gene-css-def.mjspreparehuskyprepublishOnlynpm run clean && npm run build:all && echo "Prepare package successfully!" && node ./scripts/prepare.js --trace-warnings --unhandled-rejections=stricttest:coveragenyc cypress run --componenttest:cypressnpx cypress run --componenttest:visualjest --config ./jest.config.js --no-cachetest:visual:diffnode tests/scripts/visual-diff.mjstest:visual:imagesNODE_ENV=test jest --config ./jest.images.js --no-cache --maxWorkers=4test:visual:with-servernode tests/scripts/start-test-server.js jest --config ./jest.images.js --no-cache --maxWorkers=4update-themenode ./scripts/update-theme.mjs && npm run gene-def
Dependencies8
@alicloud/react-hook-controllable^1.2.0@alifd/next~1.27.30classnames^2.3.2cross-env^7.0.3dayjs^1.11.7hoist-non-react-statics^3.3.2react-loading-skeleton^3.0.0ts-node-dev^2.0.0