PkgRadar

Package evidence

@brightspace-ui/[email protected]

no findings

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Versions published
1,956Mature · −50% score
First published
Jul 2019
Publisher
d2l-travis-deploy

Effective trust discount applied: 50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@brightspace-ui/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@brightspace-ui/[email protected]"],"fail_on":"review"}'
Publisherd2l-travis-deploy
Artifact bytes1,660,973
Previous version3.255.0
Published2026-05-29T19:18:32.666Z
SHA-25611ab538f8383a3b0fc1c0ddd9a31b0190fc406924ec9096aabf8eca1cde2eb99

Why flagged

What the scanner saw

No high-signal static finding in the saved report.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low
Last checked
lowRisk
0Score
3.256.0Version
Status history (1 event)
  1. newavailable · risk low · score 0 · status changed

Evidence

Static findings

No findings stored for this release.

Manifest

Package metadata

Scripts18
  • buildnpm run build:clean && npm run build:icons && npm run build:illustrations && npm run build:sass && npm run build:wca
  • build-staticrollup -c ./rollup/rollup.config.js
  • build:cleannode ./cli/clean.js
  • build:iconsnode ./cli/icon-generator.js
  • build:illustrationsnode ./cli/empty-state-illustration-generator.js
  • build:sasssass ./test/sass.scss > ./test/sass.output.css
  • build:wcawca analyze "{components,templates}/**/*.js" --format json --outFile custom-elements.json
  • lintnpm run lint:eslint && npm run lint:style
  • lint:eslinteslint .
  • lint:stylestylelint "**/*.{js,html}" --ignore-path .gitignore
  • startweb-dev-server --node-resolve --watch --open
  • testnpm run lint && npm run test:translations && npm run test:node-imports && npm run test:unit && npm run test:axe
  • test:axed2l-test-runner axe --chrome
  • test:node-importsmocha "./test/node-imports-test.js"
  • test:translationsmfv -s en -p ./lang/ -i untranslated,category-missing
  • test:unitd2l-test-runner
  • test:vdiffd2l-test-runner vdiff --timeout 10000
  • test:wcanode ./cli/validate-wca.js
Dependencies6
  • @brightspace-ui/intl^3
  • @brightspace-ui/lms-context-provider^1
  • @open-wc/dedupe-mixin^2
  • ifrau^0.41
  • lit^3
  • prismjs^1