PkgRadar

Package evidence

@bbc/[email protected]

no static findings

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads
8
Versions published
31Mature · −50% score
First published
Mar 2020
Publisher
sarahrainbow

Effective trust discount applied: 50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Add to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@bbc/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@bbc/[email protected]"],"fail_on":"review"}'
Publishersarahrainbow
Artifact bytes5,853,486
Previous version1.28.0
Published2021-07-08T15:30:20.440Z
SHA-256d36a82078f26a769b3c1dac9cdce501cc514475ae2940ea263dc3a901751042d

Why flagged

What the scanner saw

No high-signal static finding in the saved report.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low
Last checked
lowRisk
0Score
1.29.0Version
Status history (1 event)
  1. newavailable · risk low · score 0 · status changed

Evidence

Static findings

No findings stored for this release.

Manifest

Package metadata

Dependencies33
  • @bbc/react-transcript-editor^1.4.4
  • @fortawesome/fontawesome-svg-core^1.2.19
  • @fortawesome/free-brands-svg-icons^5.8.2
  • @fortawesome/free-solid-svg-icons^5.10.1
  • @fortawesome/react-fontawesome^0.1.4
  • @storybook/addon-knobs^6.1.20
  • array-move^2.1.0
  • auto^10.16.8
  • bootstrap^4.3.1
  • bootstrap-css-only^4.3.1
  • chroma-js^2.0.3
  • core-js^3.3.4
  • css-color-names^1.0.1
  • css-loader^3.0.0
  • cuid^2.1.6
  • date-fns^2.21.3
  • downloadjs^1.4.7
  • edl_composer^1.0.3
  • express^4.17.1
  • gel-typography^2.0.5
  • node-sass^4.13.1
  • polished^3.4.1
  • prop-types^15.7.2
  • randomcolor^0.5.4
  • react-bootstrap^1.5.2
  • react-color^2.17.1
  • react-router-bootstrap^0.25.0
  • react-select^2.4.3
  • react-sortable-hoc^1.10.1
  • sass-loader^7.1.0
  • …and 3 more.