PkgRadar

Package evidence

@aws-amplify/[email protected]

no findings

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads
51,660Mainstream · −50% score
Versions published
1,919Mature · −50% score
First published
Apr 2023
Publisher
aws-amplify-ops

Effective trust discount applied: 50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@aws-amplify/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@aws-amplify/[email protected]"],"fail_on":"review"}'
Publisheraws-amplify-ops
Artifact bytes195,416
Previous version0.0.0-next-52ee46d-20251120130157
Published2026-06-12T15:25:07.424Z
SHA-25620aaa0c453c5e395042703077d118dea52fc3c3b66f551405c26365366fdda9a

Why flagged

What the scanner saw

No high-signal static finding in the saved report.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low
Last checked
lowRisk
0Score
0.0.0-next-52fc7b9-20260612152450Version
Status history (1 event)
  1. newavailable · risk low · score 0 · status changed

Evidence

Static findings

No findings stored for this release.

Manifest

Package metadata

Scripts11
  • buildyarn build:rollup
  • build:rolluprollup --config
  • check:esmnode --input-type=module --eval 'import "@aws-amplify/ui-react-liveness"'
  • cleanrimraf dist node_modules
  • devyarn build:rollup --watch
  • lintyarn typecheck && eslint .
  • prebuildrimraf dist && patch-package
  • sizeyarn size-limit
  • testjest
  • test:watchyarn test --watch
  • typechecktsc --noEmit
Dependencies18
  • @aws-amplify/ui0.0.0-next-52fc7b9-20260612152450
  • @aws-amplify/ui-react0.0.0-next-52fc7b9-20260612152450
  • @aws-sdk/client-rekognitionstreaming3.967.0
  • @aws-sdk/util-format-url3.965.0
  • @mediapipe/face_detection^0.4.1646425229
  • @smithy/eventstream-serde-browser^4.0.4
  • @smithy/fetch-http-handler^5.0.4
  • @smithy/protocol-http^3.0.3
  • @smithy/signature-v45.1.2
  • @smithy/types^4.3.1
  • @tensorflow/tfjs-backend-cpu4.11.0
  • @tensorflow/tfjs-backend-wasm4.11.0
  • @tensorflow/tfjs-converter4.11.0
  • @tensorflow/tfjs-core4.11.0
  • @xstate/react^3.2.2
  • tslib^2.5.2
  • uuid^11.1.1
  • xstate^4.33.6