PkgRadar

Package evidence

@emulsify/[email protected]

Remote Dependency Spec: dependencies.twig-loader="github:fourkitchens/twig-loader"

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads: 463
Versions published: 39 (Mature · −50% score)
First published: Jun 2024
Publisher: callinmullaney

Effective trust discount applied: 50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Review before promoting

Mixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.

Block this release in CI

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@emulsify/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@emulsify/[email protected]"],"fail_on":"review"}'

Artifact bytes: 1,594,630
Previous version: 1.3.0
Published: 2024-08-06T13:43:38.613Z
SHA-256: 4cfe5ed66fe6d68ff69887e5ea97d9e6022f5af69bc0165d0b6929bc76cdba5c

Why flagged

What the scanner saw

Remote Dependency Spec: dependencies.twig-loader="github:fourkitchens/twig-loader"

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

review
Last checked
Risk: review
Score: 6
Version: 1.3.1
Status history (1 event)
  1. new · available · risk review · score 6 · status changed

Evidence

Static findings

5 static · 0 from release diff · showing high-signal first.

All 5 findings (low-signal and informational included):

Severity | Kind | Path | Detail | Points
medium | Remote Dependency Spec | package.json | dependencies.twig-loader="github:fourkitchens/twig-loader" | 12
low | Obfuscation Density | package/.history/package-lock_20240722091648.json | high encoded/escaped-token density | 0
low | Obfuscation Density | package/.history/package-lock_20240729171049.json | high encoded/escaped-token density | 0
low | Obfuscation Density | package/.history/package-lock_20240729171107.json | high encoded/escaped-token density | 0
low | Obfuscation Density | package/.history/package-lock_20240729171136.json | high encoded/escaped-token density | 0

Manifest

Package metadata

Scripts (17)
  • coverage: npm run test && open-cli .coverage/lcov-report/index.html
  • format: npm run lint-fix; npm run prettier-fix
  • husky:commit-msg: commitlint --edit $1
  • husky:pre-commit: npm run lint
  • lint: npm run lint-js
  • lint-fix: npm run lint-js -- --fix
  • lint-js: eslint --config config/eslintrc.config.json --no-error-on-unmatched-pattern ./config ./storybook
  • lint-staged: lint-staged
  • prepare: [ -d '.git' ] && (husky install) || true
  • prettier: prettier --config config/prettierrc.json --ignore-unknown "**/*.{js,yml,scss,md}"
  • prettier-fix: prettier --config config/prettierrc.json --write --ignore-unknown "**/*.{js,yml,scss,md}"
  • semantic-release: semantic-release
  • storybook: storybook dev --ci -s ../../dist,../../assets/images,../../assets/icons,../../assets/videos -p 6006
  • storybook-build: storybook build -s ../../dist,../../assets/images,../../assets/icons,../../assets/videos -o .out
  • storybook-deploy: storybook-to-ghpages -o .out
  • test: jest --coverage --config ./config/jest.config.js
  • twatch: jest --no-coverage --watch --verbose
Dependencies (71)
  • @babel/core ^7.25.2
  • @babel/eslint-parser ^7.25.1
  • @emulsify/cli ^1.10.2
  • @storybook/addon-a11y ^7.6.17
  • @storybook/addon-actions ^7.6.17
  • @storybook/addon-essentials ^7.6.17
  • @storybook/addon-links ^7.6.17
  • @storybook/addon-styling-webpack ^1.0.0
  • @storybook/addon-themes ^7.6.17
  • @storybook/html ^7.6.17
  • @storybook/html-webpack5 ^7.6.17
  • add-attributes-twig-extension ^0.1.0
  • autoprefixer ^10.4.20
  • babel-loader ^9.1.3
  • babel-preset-minify ^0.5.2
  • bem-twig-extension ^0.1.1
  • breakpoint-sass ^3.0.0
  • chalk ^5.2.0
  • clean-webpack-plugin ^4.0.0
  • concurrently ^8.2.2
  • css-loader ^7.1.1
  • eslint ^8.57.0
  • eslint-config-airbnb-base ^15.0.0
  • eslint-config-prettier ^9.1.0
  • eslint-plugin-import ^2.29.1
  • eslint-plugin-jest ^27.9.0
  • eslint-plugin-prettier ^5.1.3
  • eslint-plugin-security ^2.1.1
  • eslint-plugin-storybook ^0.8.0
  • eslint-webpack-plugin ^4.1.0
  • …and 41 more.