PkgRadar

Package evidence

@dckj-npm/[email protected]

Obfuscation Density: high encoded/escaped-token density

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads
504
Versions published
368Mature · −50% score
First published
Sep 2024
Publisher
kzj2211

Effective trust discount applied: 50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Review before promoting

Mixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@dckj-npm/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@dckj-npm/[email protected]"],"fail_on":"review"}'
Publisherkzj2211
Artifact bytes3,433,066
Previous version0.1.379
Published2026-03-12T13:53:30.461Z
SHA-256102baa5b81d5325af4d53f9173d8c854aa1d02e712108c122572a0170321f333

Why flagged

What the scanner saw

Obfuscation Density: high encoded/escaped-token density

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

review
Last checked
reviewRisk
29Score
0.1.380Version
Status history (1 event)
  1. newavailable · risk review · score 29 · status changed

Evidence

Static findings

5 static · 0 from release diff · showing high-signal first.

SeverityKindPathDetailPoints
mediumObfuscation Densitypackage/dist/BizComps.jshigh encoded/escaped-token density12
mediumObfuscation Densitypackage/build/lowcode/meta.design.jshigh encoded/escaped-token density12
mediumObfuscation Densitypackage/build/lowcode/meta.jshigh encoded/escaped-token density12
mediumObfuscation Densitypackage/build/lowcode/preview.jshigh encoded/escaped-token density12
mediumLarge Javascript Payloadpackage/build/docs/umi.6673511d.js2871946 bytes10

Manifest

Package metadata

Scripts9
  • buildcross-env NODE_OPTIONS=--openssl-legacy-provider build-scripts build
  • dumicross-env NODE_OPTIONS=--openssl-legacy-provider APP_ROOT=docs dumi dev
  • dumi:buildcross-env NODE_OPTIONS=--openssl-legacy-provider APP_ROOT=docs dumi build
  • f2elint-fixf2elint fix
  • f2elint-scanf2elint scan
  • lowcode:buildcross-env NODE_OPTIONS=--openssl-legacy-provider build-scripts build --config ./build.lowcode.js
  • lowcode:devcross-env NODE_OPTIONS=--openssl-legacy-provider build-scripts start --config ./build.lowcode.js
  • prepablishOnlynpm run build && npm run lowcode:build && npm run dumi:build
  • startnpm run dumi
Dependencies15
  • @alifd/next^1.25.27
  • @alilc/lowcode-react-renderer^1.3.4
  • @alilc/lowcode-utils^1.3.4
  • @babel/runtime^7.0.0
  • @wangeditor/editor^5.1.23
  • @wangeditor/editor-for-react^1.0.6
  • antd^4.24.7
  • lodash^4.17.21
  • moment^2.29.4
  • pinyin-pro^3.26.0
  • prop-types^15.5.8
  • react^19.2.1
  • react-dom^19.2.1
  • regenerator-runtime^0.13.11
  • swiper^6.8.4