Package evidence
@hx-mprecelle/[email protected]
Remote Dependency Spec: dependencies.mdb-react-file-upload="git+https://oauth2:[email protected]/mdb/react/mdb5/plugins/prd/file-upload"
Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Weekly downloads
- 67
- Versions published
- 27
- First published
- Dec 2025
- Publisher
- hx-mprecelle
Recommended action
Review before promotingMixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["@hx-mprecelle/[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["@hx-mprecelle/[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
Remote Dependency Spec: dependencies.mdb-react-file-upload="git+https://oauth2:[email protected]/mdb/react/mdb5/plugins/prd/file-upload"
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk review · score 24 · status changed
Evidence
Static findings
3 static · 0 from release diff · showing high-signal first.
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| medium | Remote Dependency Spec | package.json | dependencies.mdb-react-file-upload="git+https://oauth2:[email protected]/mdb/react/mdb5/plugins/prd/file-upload" | 12 |
| medium | Remote Dependency Spec | package.json | dependencies.mdb-react-ui-kit="git+https://oauth:[email protected]/mdb/react/mdb5/prd/mdb5-react-ui-kit-pro-advanced" | 12 |
Show all 3 findings (low-signal and informational)
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| medium | Remote Dependency Spec | package.json | dependencies.mdb-react-file-upload="git+https://oauth2:[email protected]/mdb/react/mdb5/plugins/prd/file-upload" | 12 |
| medium | Remote Dependency Spec | package.json | dependencies.mdb-react-ui-kit="git+https://oauth:[email protected]/mdb/react/mdb5/prd/mdb5-react-ui-kit-pro-advanced" | 12 |
| low | Large Javascript Payload | package/dist/esm/index.js | 6920428 bytes | 0 |
Manifest
Package metadata
Scripts15
buildrollup -cbuild-storybookstorybook buildgenerate-apinode ./src/utils/generate-apijest:update:snapshotsjest --updateSnapshotlintnpm run lint:ts && npm run lint:csslint:cssstylelint ./src/**/*.csslint:tseslint ./src/**/*.tsx --fixpreparehusky installsemantic-releasesemantic-releasestorybookstorybook dev -p 6006testjest --coverage=falsetest:coveragejesttest:snapshotnpm run test -- --updateSnapshottest:watchnpm run test -- --watch --coverage=falsets-checktsc --noEmit -p tsconfig.json
Dependencies42
@dnd-kit/core^6.0.8@dnd-kit/sortable^7.0.2@dnd-kit/utilities^3.2.1@fortawesome/fontawesome-free^6.4.0@lottiefiles/react-lottie-player^3.5.3@restart/ui^1.4.1@tinymce/tinymce-react^4.3.0@types/react-bootstrap^0.32.32@types/react-test-renderer^18.0.0@uiw/react-md-editor^3.20.9ag-grid-community^29.2.0ag-grid-react^29.2.0ahooks^3.7.4antd^5.21.6axios^1.3.3bootstrap^5.2.3chart.js^4.2.1classnames^2.3.2cookies-next^2.1.1dayjs^1.11.9dotenv^16.0.3final-form^4.20.9google-libphonenumber^3.2.38immer^9.0.21jwt-decode^3.1.2lodash^4.17.21lodash.compact^3.0.1lodash.isempty^4.4.0lodash.noop^3.0.1lodash.omit^4.5.0- …and 12 more.