Package evidence
@boltic/[email protected]
Remote Dependency Spec: dependencies.@fynd/intelligence="git+https://dev.azure.com/GoFynd/CommonLibraries/_git/fynd-intelligence-react-sdk#0.0.8"
Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Weekly downloads: 1,091 (Niche · −30% score)
- Versions published: 210
- First published: Feb 2026
- Publisher: ahmed-gofynd
Effective trust discount applied: −30% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.
Recommended action
Review before promoting
Mixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.
Block this release in CI
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
```sh
curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@boltic/[email protected]"],"fail_on":"review"}'
```

GitHub Actions step:

```yaml
- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@boltic/[email protected]"],"fail_on":"review"}'
```

Why flagged
What the scanner saw
Remote Dependency Spec: dependencies.@fynd/intelligence="git+https://dev.azure.com/GoFynd/CommonLibraries/_git/fynd-intelligence-react-sdk#0.0.8"
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk review · score 8 · status changed
Evidence
Static findings
3 static · 0 from release diff · showing high-signal first.
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| medium | Remote Dependency Spec | package.json | dependencies.@fynd/intelligence="git+https://dev.azure.com/GoFynd/CommonLibraries/_git/fynd-intelligence-react-sdk#0.0.8" | 12 |
| low | Large Javascript Payload | package/dist/swirl.es.js | 6828304 bytes | 0 |
| low | Large Javascript Payload | package/dist/swirl.umd.js | 4431608 bytes | 0 |
Manifest
Package metadata
Scripts (11)
- build: `npm run tasks && tsc && vite build`
- build-watch: `npm run tasks && tsc && vite build --watch --config vite.config.mts`
- dev: `npm run tasks && vite`
- lint: `eslint . --ext ts,tsx`
- lint-staged: `lint-staged`
- lint:fix: `eslint . --ext ts,tsx --fix`
- prepare: `node -e "process.exit(require('fs').existsSync('.git')?0:1)" && husky install || true`
- prepublishOnly: `npm run build`
- prettier: `prettier --write "src/**/*.{ts,tsx,json,md}"`
- preview: `vite preview`
- tasks: `node tasks`
Dependencies (59)
- @boltic/ripple: 2.0.2-uat.0
- @codemirror/autocomplete: ^6.18.6
- @codemirror/commands: ^6.7.1
- @codemirror/lang-html: ^6.4.9
- @codemirror/lang-javascript: ^6.2.4
- @codemirror/lang-json: ^6.0.2
- @codemirror/lang-python: ^6.2.1
- @codemirror/lang-sql: ^6.8.0
- @codemirror/lang-xml: ^6.1.0
- @codemirror/lint: ^6.8.2
- @codemirror/search: ^6.5.11
- @codemirror/state: ^6.5.2
- @codemirror/view: ^6.36.5
- @dagrejs/dagre: ^1.1.5
- @fynd/intelligence: git+https://dev.azure.com/GoFynd/CommonLibraries/_git/fynd-intelligence-react-sdk#0.0.8
- @mui/x-data-grid: ^6.19.4
- @mui/x-date-pickers: ^7.28.0
- @reduxjs/toolkit: ^2.0.1
- @types/lodash.capitalize: ^4.2.9
- @uiw/react-json-view: ^2.0.0-alpha.30
- @xyflow/react: 12.10.2
- axios: ^1.6.7
- codemirror: ^6.0.1
- cron-validator: ^1.3.1
- cronstrue: ^2.44.0
- crypto-js: ^4.2.0
- dayjs: ^1.11.10
- dompurify: ^3.2.2
- graphql: ^16.8.1
- html-to-image: ^1.11.13
- …and 29 more.