PkgRadar

Package evidence

@finapi/[email protected]

no findings

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads
3,066Niche · −30% score
Versions published
66Mature · −50% score
First published
Mar 2021
Publisher
finapi

Effective trust discount applied: 50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@finapi/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@finapi/[email protected]"],"fail_on":"review"}'
Publisherfinapi
Artifact bytes19,278
Previous version2.46.0
Published2026-05-28T11:44:03.771Z
SHA-25610c3bda3b10324cc32341f25abe058a18cd838b974aade06fe6854c14a7fb84f

Why flagged

What the scanner saw

No high-signal static finding in the saved report.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low
Last checked
lowRisk
0Score
2.47.0-alpha.0Version
Status history (1 event)
  1. newavailable · risk low · score 0 · status changed

Evidence

Static findings

No findings stored for this release.

Manifest

Package metadata

Scripts12
  • buildtsc --declaration
  • bundlerollup -c
  • cleannpx rimraf dist docs
  • docstypedoc --plugin none --excludeInternal --disableSources --includeVersion --excludeExternals
  • echo:versionecho $npm_package_version
  • linteslint src/**/*.ts
  • packagenpm run clean && npm run lint && npm run test:unit && npm run build && npm run test:build && npm run docs && npm run bundle && npm run test:bundle
  • releaserelease-it --ci
  • servenpx serve -p 4242
  • test:buildJEST_SUITE_NAME="Web Form Loader Build test" JEST_JUNIT_OUTPUT_NAME="build.junit.xml" jest build.test.ts --coverage false
  • test:bundleJEST_SUITE_NAME="Web Form Loader Bundle test" JEST_JUNIT_OUTPUT_NAME="bundle.junit.xml" jest bundle.test.ts --coverage false
  • test:unitJEST_SUITE_NAME="Web Form Loader Unit tests" JEST_JUNIT_OUTPUT_NAME="unit.junit.xml" jest --testPathPattern=unit\.test\.ts