Package evidence
@commercetools-frontend/[email protected]
Obfuscation Density: high encoded/escaped-token density
Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Weekly downloads
- 6,629Niche · −30% score
- Versions published
- 1,888Mature · −50% score
- First published
- Jan 2019
- Publisher
- GitHub ActionsTrusted automation · −70% score
Effective trust discount applied: −70% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.
Recommended action
Review before promotingMixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["@commercetools-frontend/[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["@commercetools-frontend/[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
Obfuscation Density: high encoded/escaped-token density
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk review · score 7 · status changed
Evidence
Static findings
2 static · 0 from release diff · showing high-signal first.
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| medium | Obfuscation Density | package/dist/commercetools-frontend-application-components.cjs.dev.js | high encoded/escaped-token density | 12 |
| medium | Obfuscation Density | package/dist/commercetools-frontend-application-components.esm.js | high encoded/escaped-token density | 12 |
Manifest
Package metadata
Dependencies43
@babel/runtime^7.22.15@babel/runtime-corejs3^7.22.15@commercetools-frontend/actions-global^0.0.0-canary-20260527091200@commercetools-frontend/application-config^0.0.0-canary-20260527091200@commercetools-frontend/application-shell-connectors^0.0.0-canary-20260527091200@commercetools-frontend/assets^0.0.0-canary-20260527091200@commercetools-frontend/constants^0.0.0-canary-20260527091200@commercetools-frontend/i18n^0.0.0-canary-20260527091200@commercetools-frontend/l10n^0.0.0-canary-20260527091200@commercetools-frontend/sentry^0.0.0-canary-20260527091200@commercetools-uikit/accessible-button^20.4.0@commercetools-uikit/card^20.4.0@commercetools-uikit/constraints^20.4.0@commercetools-uikit/design-system^20.4.0@commercetools-uikit/flat-button^20.4.0@commercetools-uikit/hooks^20.4.0@commercetools-uikit/icon-button^20.4.0@commercetools-uikit/icons^20.4.0@commercetools-uikit/label^20.4.0@commercetools-uikit/messages^20.4.0@commercetools-uikit/primary-button^20.4.0@commercetools-uikit/secondary-button^20.4.0@commercetools-uikit/secondary-icon-button^20.4.0@commercetools-uikit/spacings^20.4.0@commercetools-uikit/stamp^20.4.0@commercetools-uikit/text^20.4.0@commercetools-uikit/utils^20.4.0@emotion/react^11.14.0@emotion/styled^11.14.0@flopflip/react-broadcast15.1.7- …and 13 more.