Recommended action
Review before promoting
Mixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.
Block this release in CI
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
```
curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@clickview/[email protected]"],"fail_on":"review"}'
```
GitHub Actions step:
```
- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@clickview/[email protected]"],"fail_on":"review"}'
```
Why flagged
What the scanner saw
Large Javascript Payload: 2379618 bytes
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk review · score 87 · status changed
Evidence
Static findings
26 static · 0 from release diff · showing high-signal first.
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| medium | Large Javascript Payload | package/dist/scripts/app-BPAHIViU.js | 2379618 bytes | 10 |
All 26 findings (low-signal and informational):
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| medium | Large Javascript Payload | package/dist/scripts/app-BPAHIViU.js | 2379618 bytes | 10 |
| low | Credential file access | package/dist/scripts/DFGufE5C.chunk.js | matched ".azure" | 5 |
| low | Obfuscation | package/dist/scripts/-Lsrkvuf.chunk.js | matched "\\u2028" | 3 |
| low | Obfuscation | package/dist/scripts/B_Wo7_1R.chunk.js | matched "\\u0080" | 3 |
| low | Obfuscation | package/dist/scripts/BQlJBjcD.chunk.js | matched "\\u000c" | 3 |
| low | Obfuscation | package/dist/scripts/BXJ3-DJS.chunk.js | matched "\\u007E" | 3 |
| low | Obfuscation | package/dist/scripts/C9zcyjuU.chunk.js | matched "fromCharCode" | 3 |
| low | Obfuscation | package/dist/scripts/CFRBy_I-.chunk.js | matched "atob(" | 3 |
| low | Obfuscation | package/dist/scripts/CHsEOL8G.chunk.js | matched "atob(" | 3 |
| low | Obfuscation | package/dist/scripts/Cmu1J2M7.chunk.js | matched "\\x00" | 3 |
| low | Obfuscation | package/dist/scripts/CqChA3CS.chunk.js | matched "fromCharCode" | 3 |
| low | Obfuscation | package/dist/scripts/CRoTJJ57.chunk.js | matched "fromCharCode" | 3 |
| low | Obfuscation | package/dist/scripts/CsFm5M3D.chunk.js | matched "\\u200B" | 3 |
| low | Obfuscation | package/dist/scripts/CZys9CeT.chunk.js | matched "fromCharCode" | 3 |
| low | Obfuscation | package/dist/scripts/D1-G2Taa.chunk.js | matched "\\ud800" | 3 |
| low | Obfuscation | package/dist/scripts/D8sFtdJF.chunk.js | matched "fromCharCode" | 3 |
| low | Obfuscation | package/dist/scripts/DcYG-KVC.chunk.js | matched "fromCharCode" | 3 |
| low | Obfuscation | package/dist/scripts/DKSlcfSE.chunk.js | matched "Buffer.from(s,\"base64" | 3 |
| low | Obfuscation | package/dist/scripts/DP496YkG.chunk.js | matched "\\uFEFF" | 3 |
| low | Obfuscation | package/dist/scripts/DqC55TAG.chunk.js | matched "fromCharCode" | 3 |
| low | Obfuscation | package/dist/scripts/Ds_PduCx.chunk.js | matched "fromCharCode" | 3 |
| low | Obfuscation | package/dist/scripts/DXmiGQNf.chunk.js | matched "fromCharCode" | 3 |
| low | Obfuscation | package/dist/scripts/fAR-Xikm.chunk.js | matched "fromCharCode" | 3 |
| low | Obfuscation | package/dist/scripts/i6Py-Fdb.chunk.js | matched "fromCharCode" | 3 |
| low | Obfuscation | package/dist/scripts/oE16sEOL.chunk.js | matched "fromCharCode" | 3 |
| low | Obfuscation | package/dist/scripts/pdf.worker.min-qwK7q_zL.mjs | matched "fromCharCode" | 3 |
Manifest
Package metadata
Scripts (5)
| Script | Command |
|---|---|
| build | npm run type-check && vite build |
| start | vite |
| test | jest |
| test-watch | jest --watch |
| type-check | tsc --noEmit |
Dependencies (13)
| Package | Version |
|---|---|
| @amplitude/analytics-browser | 2.24.0 |
| @amplitude/plugin-session-replay-browser | 1.22.13 |
| @googlemaps/js-api-loader | 1.15.1 |
| @microsoft/immersive-reader-sdk | 1.0.0 |
| @microsoft/teams-js | 2.22.0 |
| intersection-observer | 0.11.0 |
| js-cookie | 2.2.1 |
| papaparse | 5.2.0 |
| print-js | 1.5.0 |
| react-qrcode-logo | 3.0.0 |
| redux-devtools-extension | 2.13.8 |
| spark-md5 | 3.0.2 |
| tsparticles-confetti | 2.12.0 |