Package evidence
@getsupertab/[email protected]
Install-time lifecycle script: postinstall="! test -f .env.local && test -z \"$CI\" && cp .env.example .env.local || echo \"Skipping creation of .env.local\""
Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Weekly downloads: 247
- Versions published: 158 (Mature · −50% score)
- First published: Apr 2025
- Publisher: supertab-frontend
Effective trust discount applied: −50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.
Recommended action
Review before promoting
Mixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.
Block this release in CI
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
```sh
curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@getsupertab/[email protected]"],"fail_on":"review"}'
```
GitHub Actions step:
```yaml
- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@getsupertab/[email protected]"],"fail_on":"review"}'
```
Why flagged
What the scanner saw
Install-time lifecycle script: postinstall="! test -f .env.local && test -z \"$CI\" && cp .env.example .env.local || echo \"Skipping creation of .env.local\""
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk review · score 2 · status changed
Evidence
Static findings
1 static · 0 from release diff · showing high-signal first.
No high-signal findings — see all findings below.
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| low | Install-time lifecycle script | package.json | postinstall="! test -f .env.local && test -z \"$CI\" && cp .env.example .env.local \|\| echo \"Skipping creation of .env.local\"" | 5 |
Manifest
Package metadata
Scripts (35)
- `build`: `npm run build:cdn`
- `build-storybook`: `storybook build`
- `build:all`: `npm run build:cdn && npm run build:pkg && npm run build:pkg-demo`
- `build:cdn`: `tsc && vite build --config .vite/vite.cdn.config.ts && vite build --config .vite/vite.googlefc.config.ts && vite build --config .vite/vite.supertab-global.config.ts`
- `build:cdn:ctl`: `TAPPER_ENV=ctl npm run build:cdn`
- `build:cdn:prod`: `TAPPER_ENV=prod npm run build:cdn`
- `build:cdn:sbx`: `TAPPER_ENV=sbx npm run build:cdn`
- `build:cdn:stg`: `TAPPER_ENV=stg npm run build:cdn`
- `build:pkg`: `tsc && vite build --config .vite/vite.pkg.config.ts`
- `build:pkg-demo`: `tsc && vite build --config .vite/vite.pkg-demo.config.ts`
- `build:pkg-demo:ctl`: `TAPPER_ENV=ctl npm run build:pkg-demo`
- `build:pkg-demo:prod`: `TAPPER_ENV=prod npm run build:pkg-demo`
- `build:pkg-demo:sbx`: `TAPPER_ENV=sbx npm run build:pkg-demo`
- `build:pkg-demo:stg`: `TAPPER_ENV=stg npm run build:pkg-demo`
- `build:pkg:ctl`: `TAPPER_ENV=ctl npm run build:pkg`
- `build:pkg:prod`: `TAPPER_ENV=prod npm run build:pkg`
- `build:pkg:sbx`: `TAPPER_ENV=sbx npm run build:pkg`
- `build:pkg:stg`: `TAPPER_ENV=stg npm run build:pkg`
- `chromatic`: `npx chromatic`
- `dev`: `vite --config .vite/vite.dev.config.ts`
- `generate-api-schemas`: `bin/generate-api-schemas`
- `lint`: `eslint src`
- `postinstall`: `! test -f .env.local && test -z "$CI" && cp .env.example .env.local || echo "Skipping creation of .env.local"`
- `prepare`: `husky`
- `prepublishOnly`: `npm run build:pkg:prod`
- `preview`: `PREVIEW_BUILD=true npm run build:all && vite preview --config .vite/vite.preview.config.ts`
- `preview:ctl`: `TAPPER_ENV=ctl npm run preview`
- `preview:prod`: `TAPPER_ENV=prod npm run preview`
- `preview:sbx`: `TAPPER_ENV=sbx npm run preview`
- `preview:stg`: `TAPPER_ENV=stg npm run preview`
- …and 5 more.