PkgRadar

Package evidence

@amazon-devices/[email protected]

Suspicious Publish Context: {"package_age_days":7,"publisher":"amazon-devices-admin","burst_same_day":0,"burst_week":1,"lure":{"kind":"token_affix","target":"react"},"version_anomaly":false,"new_account":false}

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads
116
Versions published
2
First published
Jun 2026
Publisher
amazon-devices-admin

Recommended action

Review before promoting

Mixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@amazon-devices/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@amazon-devices/[email protected]"],"fail_on":"review"}'
Publisheramazon-devices-admin
Artifact bytes442,850
Previous version1.0.0-rn-83
Published2026-06-19T20:07:04.274Z
SHA-25627f664988597efeecb3ee803a4f85738d6f4058c29374da0f7b7345e09bd0958

Why flagged

What the scanner saw

Suspicious Publish Context: {"package_age_days":7,"publisher":"amazon-devices-admin","burst_same_day":0,"burst_week":1,"lure":{"kind":"token_affix","target":"react"},"version_anomaly":false,"new_account":false}

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

review
Last checked
reviewRisk
10Score
1.0.0Version
Status history (1 event)
  1. newavailable · risk review · score 10 · status changed

Evidence

Static findings

1 static · 0 from release diff · showing high-signal first.

SeverityKindPathDetailPoints
mediumSuspicious Publish Contextmanifest{"package_age_days":7,"publisher":"amazon-devices-admin","burst_same_day":0,"burst_week":1,"lure":{"kind":"token_affix","target":"react"},"version_anomaly":false,"new_account":false}10

Manifest

Package metadata

Scripts28
  • buildyarn workspace @amazon-devices/babel-plugin-worklets build && bob build && yarn build:unpackers
  • build:unpackersnode ./scripts/export-unpackers.js
  • circular-dependency-checkyarn madge --extensions js,jsx --circular lib
  • find-unused-code:jsknip
  • formatyarn format:js && yarn format:plugin && yarn format:common && yarn format:android && yarn format:apple
  • format:androidyarn format:android:java && yarn format:android:cpp && yarn format:android:cmake
  • format:android:cmakefind ./android -type d \( -name build -o -name .cxx \) -prune -o -type f -name 'CMakeLists.txt' -print | xargs ../../scripts/format-cmake.sh
  • format:android:cppfind android/src -iname "*.h" -o -iname "*.cpp" | xargs clang-format -i
  • format:android:javanode ../../scripts/format-java.js
  • format:applefind apple -iname "*.h" -o -iname "*.m" -o -iname "*.mm" -o -iname "*.cpp" | xargs clang-format -i
  • format:commonfind Common -iname "*.h" -o -iname "*.cpp" | xargs clang-format -i
  • format:jsprettier --write --list-different src
  • format:pluginyarn workspace babel-plugin-worklets format
  • lintyarn lint:js && yarn lint:common && yarn lint:plugin && yarn lint:android && yarn lint:apple
  • lint:android../../scripts/validate-android.sh && ./android/gradlew -p android spotlessCheck -q && ../../scripts/cpplint.sh android/src && yarn format:android:cpp --dry-run -Werror && yarn lint:cmake
  • lint:apple../../scripts/validate-apple.sh && yarn format:apple --dry-run -Werror
  • lint:clang-tidyfind Common -iname "*.h" -o -iname "*.cpp" | xargs ../../scripts/clang-tidy-lint.sh
  • lint:cmakefind ./android -type d \( -name build -o -name .cxx \) -prune -o -type f -name 'CMakeLists.txt' -print | xargs ../../scripts/lint-cmake.sh
  • lint:common../../scripts/validate-common.sh && ../../scripts/cpplint.sh Common && yarn format:common --dry-run -Werror
  • lint:jseslint src && yarn prettier --check src
  • lint:pluginyarn workspace babel-plugin-worklets lint
  • testjest
  • type:checkyarn type:check:src && yarn type:check:plugin && yarn type:check:app && yarn type:check:tests
  • type:check:appyarn workspace common-app type:check
  • type:check:pluginyarn workspace babel-plugin-worklets type:check
  • type:check:srcyarn tsc --noEmit
  • type:check:tests../../scripts/test-ts.sh __typetests__
  • use-strict-checknode ../../scripts/validate-use-strict.js
Dependencies11
  • @babel/plugin-transform-arrow-functions^7.0.0-0
  • @babel/plugin-transform-class-properties^7.0.0-0
  • @babel/plugin-transform-classes^7.0.0-0
  • @babel/plugin-transform-nullish-coalescing-operator^7.0.0-0
  • @babel/plugin-transform-optional-chaining^7.0.0-0
  • @babel/plugin-transform-shorthand-properties^7.0.0-0
  • @babel/plugin-transform-template-literals^7.0.0-0
  • @babel/plugin-transform-unicode-regex^7.0.0-0
  • @babel/preset-typescript^7.16.7
  • convert-source-map^2.0.0
  • semver7.7.2