Package evidence
@bethinkpl/[email protected]
Remote Dependency Spec: devDependencies.vue-popperjs="github:bethinkpl/vue-popper#df07fdb562d604fad966f0e8d6db1fc48febad6e"
Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Weekly downloads
- 760
- Versions published
- 230Mature · −50% score
- First published
- Oct 2022
- Publisher
- rb_bethink
Effective trust discount applied: −50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.
Recommended action
Review before promotingMixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["@bethinkpl/[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["@bethinkpl/[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
Remote Dependency Spec: devDependencies.vue-popperjs="github:bethinkpl/vue-popper#df07fdb562d604fad966f0e8d6db1fc48febad6e"
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk review · score 4 · status changed
Evidence
Static findings
2 static · 0 from release diff · showing high-signal first.
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| medium | Remote Dependency Spec | package.json | devDependencies.vue-popperjs="github:bethinkpl/vue-popper#df07fdb562d604fad966f0e8d6db1fc48febad6e" | 8 |
Show all 2 findings (low-signal and informational)
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| medium | Remote Dependency Spec | package.json | devDependencies.vue-popperjs="github:bethinkpl/vue-popper#df07fdb562d604fad966f0e8d6db1fc48febad6e" | 8 |
| low | Large Javascript Payload | package/dist/design-system.umd.js | 4930796 bytes | 0 |
Manifest
Package metadata
Scripts17
buildvite builddevstorybook dev -p 6006format:checkprettier --check './*.{cjs,js,ts,vue,scss}' './{lib,.storybook,tools}/**/*.{cjs,js,ts,vue,scss,json}'format:fixprettier --write './*.{cjs,js,ts,vue,scss}' './{lib,.storybook,tools}/**/*.{cjs,js,ts,vue,scss,json}'importColorsnpx tsx tools/importers/ImportColorsFromFigmaTokens.tslintyarn lint:scripts && yarn lint:styleslint:fixyarn lint:scripts:fix && yarn lint:styles:fixlint:scriptseslint --max-warnings 0 --cache 'lib/js/**/*.{js,vue,ts,json}'lint:scripts:fixeslint 'lib/js/**/*.{js,vue,ts,json}' --fix --cachelint:stylesstylelint 'lib/**/*.{vue,scss}' --cachelint:styles:fixstylelint 'lib/**/*.{vue,scss}' --fixstorybookstorybook dev -p 6006storybook:buildstorybook build -c .storybook -o public/storybooksynchronizeTypographynpx tsx tools/importers/SynchronizeTypographyTokens.tstestvitesttest:uivitest --uits:checkvue-tsc --noEmit --project ./tsconfig.base.json
Dependencies7
@primevue/themes4.0.0-rc.3@vueuse/core14.1.0lodash-es4.17.22primevue4.0.0-rc.3reka-ui2.8.0vee-validate4.15.1vue-component-type-helpers2.2.10