PkgRadar

Package evidence

@ht-sdks/[email protected]

no findings

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads
156
Versions published
4
First published
Sep 2023
Publisher
nickstefan

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@ht-sdks/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@ht-sdks/[email protected]"],"fail_on":"review"}'
Publishernickstefan
Artifact bytes32,852
Previous versionnone
Published2023-09-01T00:59:27.177Z
SHA-25686706fe9fec8f9fa0056b0c4ffbfaf7de7129faed82986d659b09470de7042a7

Why flagged

What the scanner saw

No high-signal static finding in the saved report.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low
Last checked
lowRisk
0Score
1.0.0Version
Status history (1 event)
  1. newavailable · risk low · score 0 · status changed

Evidence

Static findings

No findings stored for this release.

Manifest

Package metadata

Scripts23
  • buildbabel src/index.js --out-dir dist
  • build:cjstsc -p tsconfig.json --outDir ./dist/cjs --module commonjs
  • build:esmtsc -p tsconfig.json
  • changelogauto-changelog -p -t keepachangelog -u true -l false --sort-commits date-desc
  • check:circularmadge --circular --extensions js src/index.js || exit 0
  • check:duplicatesjscpd src --threshold 5
  • check:linteslint src
  • check:lint:cieslint src -f json -o reports/eslint.json || exit 0
  • check:securitynpm audit --recursive --audit-level=high
  • commitgit-cz
  • commit-msgcommitlint --edit
  • copy:assetscp package.json dist/ && cp readme.md dist/ && cp CHANGELOG.md dist/ && cp LICENSE.md dist/ && cp index.d.ts dist/
  • formatprettier --write .
  • generateHistoryauto-changelog -p -r origin --tag-prefix v --tag-pattern 'v(1.0.(0|[1-9]d*)|1.1.[0-4]|2.(0|[1-9]d*).(0|[1-9]d*))' -l false -o HISTORY.md -t keepachangelog
  • lint:fixeslint . --fix
  • packagenpm run build:cjs && npm run build:esm && npm run copy:assets
  • pre-commitnpm run test && npx lint-staged
  • preparehusky install
  • releasenpx standard-version
  • release:githubnpx conventional-github-releaser -p angular
  • sizesize-limit
  • testAVA_MODE_ON=true nyc --reporter=lcov --reporter=html --reporter=text ava --serial --verbose > coverage.lcov
  • test:ciAVA_MODE_ON=true nyc --reporter=lcov --reporter=html --reporter=text ava --serial --verbose > coverage.lcov
Dependencies10
  • @segment/loosely-validate-event2.0.0
  • axios0.26.0
  • axios-retry3.5.1
  • lodash.clonedeep4.5.0
  • lodash.isstring4.0.1
  • md52.3.0
  • ms2.1.3
  • remove-trailing-slash0.1.1
  • serialize-javascript6.0.1
  • uuid8.3.2
Optional dependencies1
  • bull4.10.2