Package evidence

@anker-in/[email protected]

Obfuscation Density: high encoded/escaped-token density

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads: 210
Versions published: 158Mature · −50% score
First published: Sep 2024
Publisher: josie.zhou

Effective trust discount applied: −50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarball Add to CI gate

Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@anker-in/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@anker-in/[email protected]"],"fail_on":"review"}'

Publisherjosie.zhou

Artifact bytes954,670

Previous version0.4.5-beta.3

Published2026-05-29T07:46:40.191Z

SHA-2562b58fa058669d7bfb638da149792825bf324c1c9f8709336a58fe4f1377d711c

Why flagged

What the scanner saw

Obfuscation Density: high encoded/escaped-token density

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low

15d agoLast checked

lowRisk

0Score

0.4.5-beta.4Version

Status history (1 event)

new → available15d ago · risk low · score 0 · status changed

Evidence

Static findings

2 static · 0 from release diff · showing high-signal first.

No high-signal findings — see all findings below.

Show all 2 findings (low-signal and informational)

Severity	Kind	Path	Detail	Points
low	Obfuscation Density	package/dist/cjs/stories/LiveChatWidget.stories.js	high encoded/escaped-token density	0
low	Obfuscation Density	package/dist/esm/stories/LiveChatWidget.stories.js	high encoded/escaped-token density	0

Manifest

Package metadata

Scripts12

buildpnpm run build:css & pnpm run build:js:esm & pnpm run build:js:cjs & pnpm run build:js:esm:types & pnpm run build:js:cjs:types
build:csspostcss src/styles/global.css -o style.css
build:js:cjsnode esbuild-cjs.mjs
build:js:cjs:typestsc --outdir dist/cjs
build:js:esmnode esbuild-esm.mjs
build:js:esm:typestsc --outdir dist/esm
cleanrm -rf .turbo node_modules dist style.css
devpnpm run dev:css & tsup --watch
dev:csspostcss src/styles/global.css -o style.css --watch
linteslint "src/**/*.ts*"
testecho run @anker-in/campaign-ui tests
type-checktsc --noEmit

Dependencies31

@anker-in/lib1.1.4
@copilotkit/react-core1.1.2
@copilotkit/react-ui1.1.2
@copilotkit/runtime-client-gql1.1.2
@copilotkit/shared1.1.2
@monaco-editor/react^4.6.0
@radix-ui/react-checkbox^1.0.4
@radix-ui/react-dialog^1.0.5
@radix-ui/react-icons^1.3.0
@radix-ui/react-popover^1.0.7
@radix-ui/react-radio-group^1.1.3
@radix-ui/react-slot^1.0.2
@radix-ui/react-visually-hidden^1.0.3
autoprefixer^10.4.19
class-variance-authority^0.7.0
clsx^2.1.1
crypto-js^4.2.0
dayjs^1.11.7
decimal.js^10.4.3
gsap^3.12.5
js-cookie^3.0.5
monaco-editor^0.52.0
postcss^8.4.38
react^18.3.1
react-codepen-embed^1.1.0
react-dom^18.3.1
react-markdown^10.1.0
remark-gfm^4.0.1
swiper^11.1.3
tailwind-merge^2.3.0
…and 1 more.