Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Weekly downloads: 396
- Versions published: 47 (Mature · −50% score)
- First published: Dec 2024
- Publisher: GitHub Actions (Trusted automation · −70% score)
Effective trust discount applied: −70% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.
Recommended action
Review before promoting
Mixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.
Block this release in CI
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

```sh
curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@cratedb/[email protected]"],"fail_on":"review"}'
```

GitHub Actions step:

```yaml
- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@cratedb/[email protected]"],"fail_on":"review"}'
```

Why flagged
What the scanner saw
Large Javascript Payload: 7530585 bytes
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk review · score 6 · status changed
Evidence
Static findings
2 static · 0 from release diff · showing high-signal first.
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| medium | Large Javascript Payload | package/dist/index.es.js | 7530585 bytes | 10 |
| medium | Large Javascript Payload | package/dist/index.umd.js | 5204906 bytes | 10 |
Manifest
Package metadata
Scripts (12)
- build: `tsc && vite build`
- build-lib: `tsc && vite build --config vite.config.lib.ts && pnpm run build-lib-css-entries`
- build-lib-css-components-watch: `mkdir -p dist/styles && tailwindcss -i ./src/styles/components.css -o ./dist/styles/components.css --watch --minify`
- build-lib-css-entries: `mkdir -p dist/styles && tailwindcss -i ./src/styles/components.css -o ./dist/styles/components.css --minify && pnpm run sync-theme-css`
- build-lib-theme-watch: `chokidar "src/styles/theme.css" -c "pnpm run sync-theme-css"`
- build-lib-watch: `pnpm run sync-theme-css && concurrently -k -n vite,css,theme "vite build --config vite.config.lib.ts --watch" "pnpm run build-lib-css-components-watch" "pnpm run build-lib-theme-watch"`
- check-types: `tsc --noemit`
- lint: `eslint --cache --ext=.ts --ext=.tsx src/`
- prepack: `pnpm run build-lib`
- start: `vite`
- sync-theme-css: `cp ./src/styles/theme.css ./dist/styles/theme.css && printf "@import './styles/components.css';\n@import './styles/theme.css';\n" > ./dist/style.css`
- test: `jest`

Dependencies (43)
- @ant-design/icons ^6.1.1
- @cratedb/cratedb-sqlparse ^0.0.17
- @hookform/resolvers ^3.10.0
- @radix-ui/react-dropdown-menu ^2.1.16
- @radix-ui/react-label ^2.1.8
- @radix-ui/react-popover ^1.1.15
- @radix-ui/react-select ^2.2.6
- @radix-ui/react-slot ^1.2.4
- @radix-ui/react-switch ^1.2.6
- @radix-ui/react-tabs ^1.1.13
- @tanstack/match-sorter-utils ^8.19.4
- @tanstack/react-table ^8.21.3
- ace-builds ^1.43.6
- antd ^5.29.3
- axios ^1.15.2
- class-variance-authority ^0.7.1
- classnames ^2.5.1
- clsx ^2.1.0
- compare-versions ^6.1.1
- cronstrue ^2.59.0
- jwt-decode ^4.0.0
- less ^4.6.4
- lodash ^4.18.1
- moment ^2.30.1
- papaparse ^5.5.3
- path-parser ^6.1.0
- pretty-bytes ^6.1.1
- react-ace ^14.0.1
- react-hook-form ^7.73.1
- react-icons ^5.6.0
- …and 13 more.