Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Weekly downloads
- 1,225Niche · −30% score
- Versions published
- 1,153Mature · −50% score
- First published
- Oct 2018
- Publisher
- bringg_npm
Effective trust discount applied: −50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.
Recommended action
Looks clean — keep monitoringNo high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["@bringg/[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["@bringg/[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
Large Javascript Payload: 5194974 bytes
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk low · score 0 · status changed
Evidence
Static findings
3 static · 0 from release diff · showing high-signal first.
No high-signal findings — see all findings below.
Show all 3 findings (low-signal and informational)
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| low | Large Javascript Payload | package/dist/bringg-dashboard-sdk-cjs2.js | 5194974 bytes | 0 |
| low | Large Javascript Payload | package/dist/bringg-dashboard-sdk.js | 6043553 bytes | 0 |
| low | Large Javascript Payload | package/dist/bringg-dashboard-sdk.min.js | 2277861 bytes | 0 |
Manifest
Package metadata
Scripts22
buildgit clean -fdx ./dist && tsc --project tsconfig.prod.json && webpack --config ./webpack.config.jsbuild-docstypedoc --out docs srcbuild-packnpm run build && npm packbuild-sandbox-sdkgit clean -fdx .sandbox/dist && tsc --project tsconfig.prod.json --outDir ./sandbox/dist && webpack --config ./webpack_sandbox.config.jsbuild:watchconcurrently -k -n tsc,wp -c blue,green "npm run build:watch:tsc" "npm run build:watch:webpack"build:watch:tsctsc --project tsconfig.prod.json --watch --preserveWatchOutputbuild:watch:webpackDASHBOARD_SDK_WEBPACK_WATCH=1 webpack --config ./webpack.config.js --watchbump-versionnpm_config_allow_same_version=true npm_config_git_tag_version=false npm version patchbundle-reportwebpack-bundle-analyzer --port 4200 dist/stats.jsoncheck:allnpm run prettier-check && npm run typecheck && npm run lintdev:yalcnpm run build && yalc publish --push && npm run build:watchentity-generatorchmod 777 scripts/* && scripts/file_generator.sh $1 $2fixnpm run prettier && npm run lintlinteslint .prettierprettier --write "src/**/*.{ts,tsx,json,md}"prettier-checkprettier -c "src/**/*.{ts,tsx,json,md}"sandboxnpm run build-sandbox-sdk && cd sandbox && npm run starttestvitest runtest-with-coveragerm -rf ./coverage && vitest run --coveragetypechecktsc --noEmit --project tsconfig.jsonvulnerability-fixnpm audit fixvulnerability-reportnpm audit --json | npm-audit-html
Dependencies14
@bringg/common-utils^2.15.0axios0.24.0deepmerge^4.2.2http-status-codes1.3.0jsdom^23.0.1lodash^4.17.21mobx^6.3.3mockdate^3.0.5moment^2.22.2p-defer^3.0.0rxjs^6.5.3sha11.1.1socket.io-client^4.5.3uuid^8.3.2