PkgRadar

Package evidence

@conecli/[email protected]

no findings

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads
2,309Niche · −30% score
Versions published
646Mature · −50% score
First published
Jul 2022
Publisher
xiaozhao2022

Effective trust discount applied: 50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@conecli/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@conecli/[email protected]"],"fail_on":"review"}'
Publisherxiaozhao2022
Artifact bytes309,957
Previous version0.10.1-isv2.4
Published2026-06-02T02:08:44.102Z
SHA-256f2990a1ff3fa533fe35b3c964b171a1732df00cebef177d638d7297b53c6fd2a

Why flagged

What the scanner saw

No high-signal static finding in the saved report.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low
Last checked
lowRisk
0Score
0.10.1-isv3.1Version
Status history (1 event)
  1. newavailable · risk low · score 0 · status changed

Evidence

Static findings

No findings stored for this release.

Manifest

Package metadata

Scripts24
  • buildnpm run compress
  • build:alipaytaro build --type alipay
  • build:h5taro build --type h5
  • build:harmony-hybridtaro build --type harmony-hybrid
  • build:jdtaro build --type jd
  • build:openShopBridgenode publish/build-openShopBridge.js
  • build:qqtaro build --type qq
  • build:rntaro build --type rn
  • build:swantaro build --type swan
  • build:tttaro build --type tt
  • build:weapptaro build --type weapp
  • checkgulp check --gulpfile ./publish/gulpfile.js
  • compressgulp compress --gulpfile ./publish/gulpfile.js
  • compressToXingyunDevgulp compress --gulpfile ./publish/gulpfile.js --replaceType=xingyunDev
  • compressWatchgulp compressWatch --gulpfile ./publish/gulpfile.js --replaceType=compressWatch
  • dev:alipaynpm run build:alipay -- --watch
  • dev:h5npm run build:h5 -- --watch
  • dev:harmony-hybridnpm run build:harmony-hybrid -- --watch
  • dev:jdnpm run build:jd -- --watch
  • dev:qqnpm run build:qq -- --watch
  • dev:rnnpm run build:rn -- --watch
  • dev:swannpm run build:swan -- --watch
  • dev:ttnpm run build:tt -- --watch
  • dev:weappnpm run build:weapp -- --watch
Dependencies26
  • @babel/runtime7.24.4
  • @tarojs/components4.1.2
  • @tarojs/helper4.1.2
  • @tarojs/plugin-framework-react4.1.2
  • @tarojs/plugin-platform-alipay4.1.2
  • @tarojs/plugin-platform-h54.1.2
  • @tarojs/plugin-platform-harmony-hybrid4.1.2
  • @tarojs/plugin-platform-jd4.1.2
  • @tarojs/plugin-platform-qq4.1.2
  • @tarojs/plugin-platform-swan4.1.2
  • @tarojs/plugin-platform-tt4.1.2
  • @tarojs/plugin-platform-weapp4.1.2
  • @tarojs/react4.1.2
  • @tarojs/runtime4.1.2
  • @tarojs/service4.1.2
  • @tarojs/shared4.1.2
  • @tarojs/taro4.1.2
  • art-template^4.13.2
  • gulp-filter^7.0.0
  • normalize.css^8.0.1
  • react^18.2.0
  • react-content-loader^6.2.0
  • react-dom^18.2.0
  • react-intersection-observer8.33.1
  • react-refresh^0.14.0
  • sha256^0.2.0