Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Versions published
- 431Established · −30% score
- First published
- Nov 2025
- Publisher
- vivek_kan
Effective trust discount applied: −30% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.
Recommended action
Looks clean — keep monitoringNo high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["@erpsquad/[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["@erpsquad/[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
Large Javascript Payload: 2998854 bytes
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk low · score 0 · status changed
Evidence
Static findings
4 static · 0 from release diff · showing high-signal first.
No high-signal findings — see all findings below.
Show all 4 findings (low-signal and informational)
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| low | Large Javascript Payload | package/dist/custom-editor-CGljsRNb.esm.js | 2998854 bytes | 0 |
| low | Large Javascript Payload | package/dist/images-BZ6xOz1V.esm.js | 2047363 bytes | 0 |
| low | Large Javascript Payload | package/dist/images-mZFCcj45.js | 2040627 bytes | 0 |
| low | Large Javascript Payload | package/dist/SectionFlowEditor-_XpgjpEM.esm.js | 2654536 bytes | 0 |
Manifest
Package metadata
Scripts22
add:named-exportsnode scripts/add-named-exports.jsanalyze:exportsnode scripts/analyze-exports.jsbuildnpm run clean && vite build && node scripts/fix-declaration-files.jsbuild:analyzenpm run build && node scripts/analyze-bundle.jsbuild:validatenpm run build && node scripts/validate-package.jscleanrimraf distdevvite build --watch --mode developmentfix:exportsnode scripts/fix-all-exports.jsgenerate:exportsnode scripts/generate-exports.jslinteslint src --ext .ts,.tsx --max-warnings 0lint:fixeslint src --ext .ts,.tsx --fixprepublishOnlynpm run build && npm run validate:packagesize-checksize-limittestjesttest:cijest --ci --coverage --watchAll=falsetest:integrationjest --testPathPattern=integration --runInBandtest:integration:fullnode scripts/run-integration-tests.jstype-checktsc --noEmit --skipLibCheckvalidatenpm run lint && npm run type-check && npm run test:civalidate:packagenode scripts/validate-package.jsvalidate:prepublishnode scripts/prepublish-validation.jsvalidate:publish-dry-runnode scripts/publish-dry-run.js
Dependencies76
@asseinfo/react-kanban^2.2.0@ckeditor/ckeditor5-react^9.0.0@dnd-kit/core^6.3.1@dnd-kit/sortable^10.0.0@emotion/react^11.0.0@emotion/styled^11.0.0@fullcalendar/core^6.1.10@fullcalendar/daygrid^6.1.10@fullcalendar/interaction^6.1.10@fullcalendar/list^6.1.10@fullcalendar/react^6.1.10@fullcalendar/resource^6.1.10@fullcalendar/resource-timegrid^6.1.10@fullcalendar/resource-timeline^6.1.10@fullcalendar/timegrid^6.1.10@fullcalendar/timeline^6.1.10@glideapps/glide-data-grid^5.3.2@glideapps/glide-data-grid-cells^5.3.2@hookform/resolvers^3.10.0@mui/icons-material^5.15.0@mui/lab^5.0.0-alpha.165@mui/material^5.15.0@mui/x-date-pickers^6.19.3@react-pdf-viewer/core^3.12.0@react-pdf-viewer/default-layout^3.12.0@react-querybuilder/material^6.5.5@reduxjs/toolkit^1.9.0 || ^2.0.0@types/lodash^4.14.202ckeditor5^43.0.0d3^7.8.5- …and 46 more.