Package evidence

@emulsify/[email protected]

no findings

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Versions published: 36Mature · −50% score
First published: Jun 2024
Publisher: callinmullaney

Effective trust discount applied: −50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarball Add to CI gate

Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@emulsify/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@emulsify/[email protected]"],"fail_on":"review"}'

Publishercallinmullaney

Artifact bytes482,705

Previous version3.3.2

Published2025-10-28T19:27:06.868Z

SHA-2563317e9275d5375c9e5761c6012c03f1f911bd6bbb2caeccc711c7f24062a8806

Why flagged

What the scanner saw

No high-signal static finding in the saved report.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low

18d agoLast checked

lowRisk

0Score

3.4.1Version

Status history (1 event)

new → available18d ago · risk low · score 0 · status changed

Evidence

Static findings

No findings stored for this release.

Manifest

Package metadata

Scripts17

coveragenpm run test && open-cli .coverage/lcov-report/index.html
formatnpm run lint-fix; npm run prettier-fix
husky:commit-msgcommitlint --edit $1
husky:pre-commitnpm run lint
lintnpm run lint-js
lint-fixnpm run lint-js -- --fix
lint-jseslint --config config/eslint.config.js --no-error-on-unmatched-pattern ./config ./storybook
lint-stagedlint-staged
prepare[ -d '.git' ] && (husky install) || true
prettierprettier --config config/prettierrc.json --ignore-unknown "**/*.{js,yml,scss,md}"
prettier-fixprettier --config config/prettierrc.json --write --ignore-unknown "**/*.{js,yml,scss,md}"
semantic-releasesemantic-release --config ./release.config.cjs
storybookNODE_OPTIONS=--no-deprecation storybook dev --ci -s ../../dist,../../assets/images,../../assets/icons,../../assets/videos -p 6006
storybook-buildstorybook build -s ../../dist,../../assets/images,../../assets/icons,../../assets/videos -o .out
storybook-deploystorybook-to-ghpages -o .out
testjest --coverage --config ./config/jest.config.js
twatchjest --no-coverage --watch --verbose

Dependencies76

@babel/core^7.28.5
@babel/eslint-parser^7.28.5
@babel/preset-env^7.28.5
@emulsify/cli^1.11.4
@eslint/js^9.38.0
@storybook/addon-a11y^8.6.14
@storybook/addon-actions^8.6.14
@storybook/addon-essentials^8.6.14
@storybook/addon-links^8.6.14
@storybook/addon-styling-webpack^1.0.1
@storybook/addon-themes^8.6.14
@storybook/html^8.6.14
@storybook/html-webpack5^8.6.14
@storybook/manager-api^8.6.14
@storybook/preview-api^8.6.14
@storybook/theming^8.6.14
add-attributes-twig-extension^0.1.0
autoprefixer^10.4.21
babel-loader^10.0.0
babel-preset-minify^0.5.2
bem-twig-extension^0.1.1
breakpoint-sass^3.0.0
clean-webpack-plugin^4.0.0
concurrently^9.2.1
copy-webpack-plugin^13.0.1
css-loader^7.1.1
eslint^9.38.0
eslint-config-prettier^10.1.8
eslint-plugin-import^2.32.0
eslint-plugin-jest^29.0.1
…and 46 more.