PkgRadar

Package evidence

@emulsify/[email protected]

no findings

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Versions published
36Mature · −50% score
First published
Jun 2024
Publisher
callinmullaney

Effective trust discount applied: 50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@emulsify/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@emulsify/[email protected]"],"fail_on":"review"}'
Publishercallinmullaney
Artifact bytes484,368
Previous version3.4.1
Published2026-04-12T23:56:32.289Z
SHA-256f6a767e16e21c37186242467a212568e35f7e112eb0563aa7acf78f9ea04d5bd

Why flagged

What the scanner saw

No high-signal static finding in the saved report.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low
Last checked
lowRisk
0Score
3.5.0Version
Status history (1 event)
  1. newavailable · risk low · score 0 · status changed

Evidence

Static findings

No findings stored for this release.

Manifest

Package metadata

Scripts17
  • coveragenpm run test && open-cli .coverage/lcov-report/index.html
  • formatnpm run lint-fix; npm run prettier-fix
  • husky:commit-msgcommitlint --edit $1
  • husky:pre-commitnpm run lint
  • lintnpm run lint-js
  • lint-fixnpm run lint-js -- --fix
  • lint-jseslint --config config/eslint.config.js --no-error-on-unmatched-pattern ./config ./.storybook
  • lint-stagedlint-staged
  • prepare[ -d '.git' ] && (husky install) || true
  • prettierprettier --config config/prettierrc.json --ignore-unknown "**/*.{js,yml,scss,md}"
  • prettier-fixprettier --config config/prettierrc.json --write --ignore-unknown "**/*.{js,yml,scss,md}"
  • semantic-releasesemantic-release --config ./release.config.cjs
  • storybookNODE_OPTIONS=--no-deprecation storybook dev --ci -p 6006
  • storybook-buildstorybook build -o .out
  • storybook-deploystorybook-to-ghpages -o .out
  • testjest --coverage --config ./config/jest.config.js
  • twatchjest --no-coverage --watch --verbose
Dependencies67
  • @babel/core^7.28.5
  • @babel/preset-env^7.28.5
  • @emulsify/cli^1.11.4
  • @eslint/js^10.0.1
  • @storybook/addon-a11y^9.1.20
  • @storybook/addon-links^9.1.20
  • @storybook/addon-styling-webpack^2.0.0
  • @storybook/addon-themes^9.1.20
  • @storybook/builder-webpack5^9.1.20
  • @storybook/server-webpack5^9.1.20
  • add-attributes-twig-extension^0.1.0
  • autoprefixer^10.4.21
  • babel-loader^10.0.0
  • babel-preset-minify^0.5.2
  • bem-twig-extension^0.1.1
  • breakpoint-sass^3.0.0
  • clean-webpack-plugin^4.0.0
  • concurrently^9.2.1
  • copy-webpack-plugin^14.0.0
  • css-loader^7.1.1
  • eslint^10.1.0
  • eslint-config-prettier^10.1.8
  • eslint-plugin-jest^29.15.1
  • eslint-plugin-prettier^5.5.4
  • eslint-plugin-security^4.0.0
  • file-loader^6.2.0
  • fs-extra^11.3.2
  • glob^13.0.6
  • graceful-fs^4.2.11
  • html-webpack-plugin^5.6.4
  • …and 37 more.