PkgRadar

Package evidence

@flarehr/[email protected]

no findings

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Versions published
2,527Mature · −50% score
First published
Feb 2021
Publisher
flare.build

Effective trust discount applied: 50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@flarehr/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@flarehr/[email protected]"],"fail_on":"review"}'
Publisherflare.build
Artifact bytes1,403,063
Previous version1.4.15029
Published2026-06-11T16:12:26.564Z
SHA-2569118629f790d314595efa1249882437eaffb450ad53a93d871de2879bf220947

Why flagged

What the scanner saw

No high-signal static finding in the saved report.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low
Last checked
lowRisk
0Score
1.4.15117Version
Status history (1 event)
  1. newavailable · risk low · score 0 · status changed

Evidence

Static findings

No findings stored for this release.

Manifest

Package metadata

Scripts12
  • analyzenpx vite-bundle-visualizer
  • buildtsc && vite build
  • devvite --debug
  • dev:apicd ../api/Benefits.Api && func start --build
  • linteslint src/**/*.{js,jsx,ts,tsx}
  • lint:fixeslint src/**/*.{js,jsx,ts,tsx} --fix
  • lint:stagedlint-staged --config ./lint-staged.config.js
  • preparecd .. && husky install benefits-client/.husky
  • previewvite preview
  • testjest
  • test:watchjest --watch
  • typescripttsc
Dependencies40
  • @babel/plugin-proposal-decorators^7.23.2
  • @contentful/rich-text-react-renderer^15.11.1
  • @datadog/browser-rum^5.1.0
  • @datorama/akita^8.0.1
  • @fortawesome/fontawesome-svg-core^6.4.2
  • @fortawesome/pro-duotone-svg-icons^6.4.2
  • @fortawesome/pro-light-svg-icons^6.4.2
  • @fortawesome/pro-regular-svg-icons^6.4.2
  • @fortawesome/pro-solid-svg-icons^6.4.2
  • @fortawesome/react-fontawesome^0.2.0
  • @headlessui/react^1.7.16
  • @heroicons/react^2.0.12
  • @juggle/resize-observer^3.3.1
  • @microsoft/applicationinsights-web^2.6.5
  • @popperjs/core^2.9.3
  • @typeform/embed-react^3.9.0
  • clsx^2.1.1
  • contentful^9.1.13
  • date-fns^2.23.0
  • flowbite-datepicker^1.2.1
  • formik^2.2.9
  • fp-ts^2.11.1
  • framer-motion^10.16.4
  • history^5.0.0
  • immer^9.0.6
  • is-primitive^3.0.1
  • jwt-decode^3.1.2
  • mime^2.5.2
  • oidc-client-ts^3.5.0
  • preact^10.16.0
  • …and 10 more.