PkgRadar

Package evidence

@finapi/[email protected]

no findings

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Versions published
66Mature · −50% score
First published
Mar 2021
Publisher
finapi

Effective trust discount applied: 50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@finapi/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@finapi/[email protected]"],"fail_on":"review"}'
Publisherfinapi
Artifact bytes19,269
Previous version2.46.0-alpha.0
Published2026-05-28T10:32:45.962Z
SHA-256f5f04d1c26392d2126a35b43f2b814f2c6c13b84e77f6712ae6a011ac9801e90

Why flagged

What the scanner saw

No high-signal static finding in the saved report.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low
Last checked
lowRisk
0Score
2.46.0Version
Status history (1 event)
  1. newavailable · risk low · score 0 · status changed

Evidence

Static findings

No findings stored for this release.

Manifest

Package metadata

Scripts12
  • buildtsc --declaration
  • bundlerollup -c
  • cleannpx rimraf dist docs
  • docstypedoc --plugin none --excludeInternal --disableSources --includeVersion --excludeExternals
  • echo:versionecho $npm_package_version
  • linteslint src/**/*.ts
  • packagenpm run clean && npm run lint && npm run test:unit && npm run build && npm run test:build && npm run docs && npm run bundle && npm run test:bundle
  • releaserelease-it --ci
  • servenpx serve -p 4242
  • test:buildJEST_SUITE_NAME="Web Form Loader Build test" JEST_JUNIT_OUTPUT_NAME="build.junit.xml" jest build.test.ts --coverage false
  • test:bundleJEST_SUITE_NAME="Web Form Loader Bundle test" JEST_JUNIT_OUTPUT_NAME="bundle.junit.xml" jest bundle.test.ts --coverage false
  • test:unitJEST_SUITE_NAME="Web Form Loader Unit tests" JEST_JUNIT_OUTPUT_NAME="unit.junit.xml" jest --testPathPattern=unit\.test\.ts