Package evidence

@gitlab/[email protected]

no findings

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Versions published: 230Mature · −50% score
First published: Oct 2024
Publisher: GitLab CI/CD

Effective trust discount applied: −50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarball Add to CI gate

Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@gitlab/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@gitlab/[email protected]"],"fail_on":"review"}'

PublisherGitLab CI/CD

Artifact bytes288,193

Previous version15.33.0

Published2026-06-04T15:01:52.292Z

SHA-25646c8e4edf11c385092a8a8441d54f0a9ae44ea5af71f46688e005a3db065ee9b

Why flagged

What the scanner saw

No high-signal static finding in the saved report.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low

2h agoLast checked

lowRisk

0Score

15.34.0Version

Status history (1 event)

new → available2h ago · risk low · score 0 · status changed

Evidence

Static findings

No findings stored for this release.

Manifest

Package metadata

Scripts36

buildNODE_ENV=production rollup -c
cleanrm -r dist storybook src/scss/utilities.scss
eslinteslint --max-warnings 0 --ext .js,.vue .
eslint:fixyarn eslint --fix
generate:componentplop
lintrun-p prettier eslint stylelint markdownlint
lint:fixrun-s eslint:fix prettier:fix stylelint:fix markdownlint:fix
markdownlintmarkdownlint '**/*.md' --ignore node_modules --ignore CHANGELOG.md --ignore
markdownlint:fixyarn markdownlint --fix
prettierprettier --check '**/*.{js,mjs,ts,vue}'
prettier:fixprettier --write '**/*.{js,mjs,ts,vue}'
startyarn storybook
storybookstorybook dev --ci --host ${STORYBOOK_HOST:-localhost} --port 9001 -c .storybook
storybook-vue3VUE_VERSION=3 storybook dev --ci --host ${STORYBOOK_HOST:-localhost} --port 9001 -c .storybook
storybook:build:prodstorybook build -c .storybook -o storybook
storybook:build:testyarn build && IS_VISUAL_TEST=true NODE_ENV=test storybook build --test -c .storybook -o storybook
storybook:runnpx http-server -bgs -p 9001 ./storybook
stylelintstylelint 'src/**/*.scss'
stylelint:fixyarn stylelint --fix
tailwind-config-viewer:exporttailwind-config-viewer export ./tailwind-config-viewer-static
tailwind-config-viewer:starttailwind-config-viewer -o
testrun-s test:unit test:visual
test:integrationyarn run test:integration:server
test:integration:serverNODE_ENV=test start-test storybook:run http-get://${STORYBOOK_HOST:-localhost}:9001/iframe.html
test:unitNODE_ENV=test jest
test:unit-vue3VUE_VERSION=3 NODE_ENV=test jest
test:unit-vue3:coverageVUE_VERSION=3 yarn test:unit --coverage
test:unit-vue3:debugVUE_VERSION=3 NODE_ENV=test node --inspect node_modules/.bin/jest --testPathIgnorePatterns storyshot.spec.js --watch --runInBand
test:unit-vue3:watchVUE_VERSION=3 yarn test:unit --watch
test:unit:coverageyarn test:unit --coverage
…and 6 more.

Dependencies13

@floating-ui/dom1.7.6
diff^8.0.2
echarts^5.3.2
iframe-resizer^4.3.2
lodash-es^4.17.23
marked^12.0.0
marked-bidi^1.0.8
marked-highlight^2.2.3
popper.js^1.16.1
portal-vue^2.1.7
vue-functional-data-merge^3.1.0
vue-resizable1.3.4
vue-runtime-helpers^1.1.2