Package evidence

@connectif/[email protected]

Obfuscation Density: high encoded/escaped-token density

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads: 400
Versions published: 98Established · −30% score
First published: Jun 2025
Publisher: connectif-devteam

Effective trust discount applied: −30% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Review before promoting

Mixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.

Inspect tarball Add to CI gate

Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@connectif/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@connectif/[email protected]"],"fail_on":"review"}'

Publisherconnectif-devteam

Artifact bytes1,927,656

Previous version9.0.0

Published2026-05-28T07:25:49.410Z

SHA-256342d54b845bf716b0a3afca22e466880391f4099296e683f472a5a5555c0f7bc

Why flagged

What the scanner saw

Obfuscation Density: high encoded/escaped-token density

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

review

16d agoLast checked

reviewRisk

16Score

9.0.1Version

Status history (1 event)

new → available16d ago · risk review · score 16 · status changed

Evidence

Static findings

2 static · 0 from release diff · showing high-signal first.

Severity	Kind	Path	Detail	Points
medium	Obfuscation Density	package/dist/tinymce/plugins/wordcount/plugin.js	high encoded/escaped-token density	12
medium	Obfuscation Density	package/dist/tinymce/plugins/wordcount/plugin.min.js	high encoded/escaped-token density	12

Manifest

Package metadata

Scripts10

auditbetter-npm-audit audit
buildnode esbuild.js && tsc --project tsconfig.build.json
build-storybookstorybook build
build-watchchokidar "src/**/*" -c "node build-watch.js $FRONT_PATH"
chromaticchromatic
cspellcspell "./src/**/{en.json,es.ts}" --config cspell.json
linteslint './**/*.{ts,tsx}' './src/components/**/*.json' --quiet
prettierprettier --check "**/*.{js,json,ts,tsx}"
storybookstorybook dev -p 6006
testTZ=UTC jest

Dependencies30

@codemirror/lang-html6.4.8
@codemirror/lint6.5.0
@emotion/react^11.11.4
@emotion/styled^11.11.5
@mdi/js^7.4.47
@mdi/react^1.6.1
@mui/material7.1.0
@mui/x-date-pickers^8.2.0
@tinymce/tinymce-react^6.3.0
@uiw/react-codemirror4.21.24
echarts^5.4.1
echarts-for-react3.0.2
html-format^1.1.7
i18next^21.6.14
i18next-icu2.0.3
intl-messageformat9.11.1
katex^0.16.22
markdown-to-jsx^7.7.13
moment2.29.4
moment-timezone0.5.45
notistack^3.0.1
react-best-gradient-color-picker^3.0.14
react-filerobot-image-editor^4.8.1
react-infinite-scroll-component6.1.0
react-lazyload3.2.1
react-virtualized-auto-sizer1.0.25
react-window^1.8.7
styled-components^5.3.5
tinymce6.8.4
tinymce-i18n^24.3.11