Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Weekly downloads
- 907
- Versions published
- 504Mature · −50% score
- First published
- Apr 2021
- Publisher
- eea-jenkins
Effective trust discount applied: −50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.
Recommended action
Looks clean — keep monitoringNo high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["@eeacms/[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["@eeacms/[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
No high-signal static finding in the saved report.
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk low · score 0 · status changed
Evidence
Static findings
No findings stored for this release.
Manifest
Package metadata
Scripts17
bootstrapnpm install -g ejs; npm link ejs; node bootstrapcypress:openNODE_ENV=production CYPRESS_API=plone ../../../node_modules/cypress/bin/cypress opencypress:runNODE_ENV=production CYPRESS_API=plone ../../../node_modules/cypress/bin/cypress runhuskyhusky installlint../../../node_modules/eslint/bin/eslint.js --max-warnings=0 'src/**/*.{js,jsx}'lint:fix../../../node_modules/eslint/bin/eslint.js --fix 'src/**/*.{js,jsx}'precommityarn stylelint && yarn prettier && yarn lintprettier../../../node_modules/.bin/prettier --single-quote --check 'src/**/*.{js,jsx,json,css,less,md}'prettier:fix../../../node_modules/.bin/prettier --single-quote --write 'src/**/*.{js,jsx,json,css,less,md}'releaserelease-itrelease-betarelease-it --preRelease=betarelease-major-betarelease-it major --preRelease=betastylelint../../../node_modules/stylelint/bin/stylelint.js --allow-empty-input 'src/**/*.{css,less}'stylelint:fixyarn stylelint --fix && yarn stylelint:overrides --fix && yarn stylelint:theme --fixstylelint:overrides../../../node_modules/.bin/stylelint --syntax less --allow-empty-input 'theme/**/*.overrides' 'src/**/*.overrides'stylelint:theme../../../node_modules/stylelint/bin/stylelint.js --allow-empty-input 'theme/**/*.{css,less}'testdocker run -it --rm -v $(pwd):/opt/frontend/my-volto-project/src/addons/volto-clms-theme -e GIT_NAME=volto-clms-theme -e NAMESPACE=@eeacms plone/volto-addon-ci
Dependencies38
@eeacms/volto-accordion-block7.0.0@eeacms/volto-arcgis-block0.1.336@eeacms/volto-clms-utils0.1.15@eeacms/volto-columns-block6.0.2@eeacms/volto-embed6.0.0@eeacms/volto-globalsearch*@eeacms/volto-metadata-block5.0.1@eeacms/volto-react-table-widget0.1.3@eeacms/volto-resize-helper1.0.1@eeacms/volto-tableau1.3.0@eeacms/volto-tabs-block5.1.0@eeacms/volto-taxonomy5.1.0@elastic/search-ui1.21.2@fortawesome/fontawesome-svg-core1.2.35@fortawesome/free-brands-svg-icons6.4.2@fortawesome/free-regular-svg-icons5.15.3@fortawesome/free-solid-svg-icons5.15.3@fortawesome/react-fontawesome0.1.14@ginkgo-bioworks/react-json-schema-form-builder2.10.1@kitconcept/volto-blocks-grid7.0.2@plone-collective/volto-authomatic2.0.1connected-react-router6.8.0d3-array^2.12.1husky7.0.4lightgallery^2.4.0razzle-plugin-scss4.2.18react-csv2.2.2react-draggable4.4.5react-input-range^1.3.0react-native-mime-types2.3.0- …and 8 more.