Package evidence
@flarehr/[email protected]
Install-time lifecycle script: preinstall="npx npm-force-resolutions"
Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Weekly downloads
- 3,633Niche · −30% score
- Versions published
- 2,462Mature · −50% score
- First published
- May 2021
- Publisher
- flare.build
Effective trust discount applied: −50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.
Recommended action
Review before promotingMixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["@flarehr/[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["@flarehr/[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
Install-time lifecycle script: preinstall="npx npm-force-resolutions"
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk review · score 3 · status changed
Evidence
Static findings
7 static · 0 from release diff · showing high-signal first.
No high-signal findings — see all findings below.
Show all 7 findings (low-signal and informational)
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| low | Install-time lifecycle script | package.json | preinstall="npx npm-force-resolutions" | 5 |
| low | Install-time lifecycle script | package.json | postinstall="npm run browserslist:update-db && npm run browserslist:generate-regex" | 5 |
| low | Large Javascript Payload | package/dist/lib/cjs/ap-ben-loading-page_2.cjs.entry.js | 6073076 bytes | 0 |
| low | Large Javascript Payload | package/dist/lib/esm-es5/ap-ben-loading-page_2.entry.js | 5894058 bytes | 0 |
| low | Large Javascript Payload | package/dist/lib/esm/ap-ben-loading-page_2.entry.js | 6072707 bytes | 0 |
| low | Large Javascript Payload | package/dist/lib/cars-calculator/p-08f08988.system.entry.js | 5738465 bytes | 0 |
| low | Large Javascript Payload | package/dist/lib/cars-calculator/p-aa6eeef5.entry.js | 5653579 bytes | 0 |
Manifest
Package metadata
Scripts13
browserslist:generate-regex(echo window.apolloBrowserslistRegex =&& browserslist-useragent-regexp --allowHigherVersions) > src/browser-support/apollo-browser-list.jsbrowserslist:update-dbnpx browserslist@latest --update-dbbuildstencil build --cibuild:devstencil build --dev --config stencil.dev.config.tsgeneratestencil generatelinteslint src/**/*{.ts,.tsx}lint:fixeslint src/**/*{.ts,.tsx} --fixpostinstallnpm run browserslist:update-db && npm run browserslist:generate-regexpreinstallnpx npm-force-resolutionsstartstencil build --dev --watch --serve --config stencil.dev.config.tsstart:apicd ../api/Benefits.Api && func start --buildteststencil test --spec --passWithNoTeststest:watchstencil test --spec --watchAll
Dependencies22
@datorama/akita^6.2.4@flarehr/beacon^0.1.5@fortawesome/fontawesome-svg-core^1.2.35@fortawesome/pro-duotone-svg-icons^5.15.3@fortawesome/pro-light-svg-icons^5.15.3@fortawesome/pro-regular-svg-icons^5.15.3@fortawesome/pro-solid-svg-icons^5.15.3@juggle/resize-observer^3.3.1@microsoft/applicationinsights-web^2.6.1@popperjs/core^2.9.2@stencil/router1.0.1bootstrap^4.6.0date-fns^2.21.1fp-ts^2.10.2immer^9.0.6jwt-decode^3.1.2mime^2.5.2oidc-client^1.11.5rxjs^6.6.7uuid^8.3.2wretch^1.7.4wretch-middlewares^0.1.12