Package evidence

@anker-in/[email protected]

Obfuscation Density: high encoded/escaped-token density

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads: 210
Versions published: 155Mature · −50% score
First published: Sep 2024
Publisher: josie.zhou

Effective trust discount applied: −50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Review before promoting

Mixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.

Inspect tarball Add to CI gate

Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@anker-in/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@anker-in/[email protected]"],"fail_on":"review"}'

Publisherjosie.zhou

Artifact bytes954,623

Previous version0.4.4

Published2026-05-28T08:24:17.670Z

SHA-256e0679e020dd792afa3bb90987003b9f6c1d3750806dd680832bd80583e5e739c

Why flagged

What the scanner saw

Obfuscation Density: high encoded/escaped-token density

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

review

16d agoLast checked

reviewRisk

12Score

0.4.5-beta.1Version

Status history (1 event)

new → available16d ago · risk review · score 12 · status changed

Evidence

Static findings

2 static · 0 from release diff · showing high-signal first.

Severity	Kind	Path	Detail	Points
medium	Obfuscation Density	package/dist/cjs/stories/LiveChatWidget.stories.js	high encoded/escaped-token density	12
medium	Obfuscation Density	package/dist/esm/stories/LiveChatWidget.stories.js	high encoded/escaped-token density	12

Manifest

Package metadata

Scripts12

buildpnpm run build:css & pnpm run build:js:esm & pnpm run build:js:cjs & pnpm run build:js:esm:types & pnpm run build:js:cjs:types
build:csspostcss src/styles/global.css -o style.css
build:js:cjsnode esbuild-cjs.mjs
build:js:cjs:typestsc --outdir dist/cjs
build:js:esmnode esbuild-esm.mjs
build:js:esm:typestsc --outdir dist/esm
cleanrm -rf .turbo node_modules dist style.css
devpnpm run dev:css & tsup --watch
dev:csspostcss src/styles/global.css -o style.css --watch
linteslint "src/**/*.ts*"
testecho run @anker-in/campaign-ui tests
type-checktsc --noEmit

Dependencies31

@anker-in/lib1.1.3
@copilotkit/react-core1.1.2
@copilotkit/react-ui1.1.2
@copilotkit/runtime-client-gql1.1.2
@copilotkit/shared1.1.2
@monaco-editor/react^4.6.0
@radix-ui/react-checkbox^1.0.4
@radix-ui/react-dialog^1.0.5
@radix-ui/react-icons^1.3.0
@radix-ui/react-popover^1.0.7
@radix-ui/react-radio-group^1.1.3
@radix-ui/react-slot^1.0.2
@radix-ui/react-visually-hidden^1.0.3
autoprefixer^10.4.19
class-variance-authority^0.7.0
clsx^2.1.1
crypto-js^4.2.0
dayjs^1.11.7
decimal.js^10.4.3
gsap^3.12.5
js-cookie^3.0.5
monaco-editor^0.52.0
postcss^8.4.38
react^18.3.1
react-codepen-embed^1.1.0
react-dom^18.3.1
react-markdown^10.1.0
remark-gfm^4.0.1
swiper^11.1.3
tailwind-merge^2.3.0
…and 1 more.