PkgRadar

Package evidence

@bufferapp/[email protected]

no findings

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads
18
Versions published
411Mature · −50% score
First published
Oct 2017
Publisher
federicoweber

Effective trust discount applied: 50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@bufferapp/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@bufferapp/[email protected]"],"fail_on":"review"}'
Publisherfedericoweber
Artifact bytes37,756
Previous version1.77.2
Published2022-04-20T22:13:41.998Z
SHA-256997cc3ef4d0e54c817ba6c10c3a9eddde9edadb02a97a6e123cc1312d7e7f32b

Why flagged

What the scanner saw

No high-signal static finding in the saved report.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low
Last checked
lowRisk
0Score
1.77.3Version
Status history (1 event)
  1. newavailable · risk low · score 0 · status changed

Evidence

Static findings

No findings stored for this release.

Manifest

Package metadata

Scripts4
  • linteslint . --ignore-pattern coverage .storybook node_modules
  • startstart-storybook -p 9003
  • testjest
  • test-watchjest --watch
Dependencies32
  • @bufferapp/analyze-date-picker^1.77.3
  • @bufferapp/analyze-export-picker^1.77.3
  • @bufferapp/analyze-no-profiles^1.77.3
  • @bufferapp/analyze-profile-selector^1.77.3
  • @bufferapp/analyze-profiles-overview^1.77.3
  • @bufferapp/analyze-shared-components^1.77.3
  • @bufferapp/analyze-store^1.77.3
  • @bufferapp/analyze-tabs^1.56.0
  • @bufferapp/average-table^1.77.3
  • @bufferapp/backfilling-state^1.75.2
  • @bufferapp/compare-chart^1.77.3
  • @bufferapp/comparison-chart^1.55.0
  • @bufferapp/components3.2.1
  • @bufferapp/content-mask^1.74.0
  • @bufferapp/demographic-gender-age^1.77.3
  • @bufferapp/demographic-overview^1.77.3
  • @bufferapp/hashtags-table^1.77.3
  • @bufferapp/nav-sidebar^1.77.3
  • @bufferapp/pdf-export^1.77.0
  • @bufferapp/performance-tracking^0.90.0
  • @bufferapp/posts-summary-table^1.77.3
  • @bufferapp/posts-table^1.77.3
  • @bufferapp/profile-header^1.77.3
  • @bufferapp/profile-loader^1.77.0
  • @bufferapp/report^1.77.3
  • @bufferapp/report-list^1.77.3
  • @bufferapp/resources^1.75.2
  • @bufferapp/rpc-worker^1.56.0
  • @bufferapp/shopify-products^1.77.3
  • @bufferapp/shopify-sources^1.77.3
  • …and 2 more.