Package evidence
@instructure/[email protected]
Remote Dependency Spec: dependencies.scroll-into-view="https://github.com/bkirkby/scroll-into-view.git#588b0ced98eeecf84e6fb2074aa076e80b7cffab"
Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Weekly downloads
- 174
- Versions published
- 5
- First published
- Mar 2019
- Publisher
- claydiffrient
Recommended action
Block this updateStatic evidence trips multiple high-signal indicators. Quarantine the release until the publisher validates the change or you can rule out the indicators below.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["@instructure/[email protected]"],"fail_on":"high"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["@instructure/[email protected]"],"fail_on":"high"}'Why flagged
What the scanner saw
Remote Dependency Spec: dependencies.scroll-into-view="https://github.com/bkirkby/scroll-into-view.git#588b0ced98eeecf84e6fb2074aa076e80b7cffab"
1 remote tarball(s) were followed statically.
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk high · score 12 · status changed
Evidence
Static findings
16 static · 0 from release diff · showing high-signal first.
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| high | Remote Dependency Spec | package.json | dependencies.scroll-into-view="https://github.com/bkirkby/scroll-into-view.git#588b0ced98eeecf84e6fb2074aa076e80b7cffab" | 12 |
Show all 16 findings (low-signal and informational)
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| high | Remote Dependency Spec | package.json | dependencies.scroll-into-view="https://github.com/bkirkby/scroll-into-view.git#588b0ced98eeecf84e6fb2074aa076e80b7cffab" | 12 |
| low | Large Javascript Payload | package/testcafe/build/testcafe.js | 2677384 bytes | 0 |
| low | Large Javascript Payload | package/testcafe/build/vendors~testcafe.js | 17711804 bytes | 0 |
| low | Obfuscation Density | package/lib/translated/ar/modules/sidebar/components/UsageRightsForm.js | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/lib/translated/el/modules/sidebar/components/LinksPanel.js | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/lib/translated/el/modules/sidebar/components/UsageRightsForm.js | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/lib/translated/fa_IR/modules/sidebar/components/UsageRightsForm.js | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/lib/translated/he/modules/sidebar/components/UsageRightsForm.js | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/lib/translated/hy/modules/sidebar/components/LinksPanel.js | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/lib/translated/hy/modules/sidebar/components/NavigationPanel.js | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/lib/translated/hy/modules/sidebar/components/UsageRightsForm.js | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/lib/translated/ja/modules/sidebar/components/UsageRightsForm.js | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/lib/translated/ru/modules/sidebar/components/LinksPanel.js | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/lib/translated/ru/modules/sidebar/components/NavigationPanel.js | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/lib/translated/ru/modules/sidebar/components/UsageRightsForm.js | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/lib/translated/uk_UA/modules/sidebar/components/UsageRightsForm.js | high encoded/escaped-token density | 0 |
Remote payloads
Followed remote artifacts
| Source | URL | Risk | Score | Summary |
|---|---|---|---|---|
| dependencies.scroll-into-view | https://github.com/bkirkby/scroll-into-view.git#588b0ced98eeecf84e6fb2074aa076e80b7cffab | error | 0 | invalid gzip header |
Manifest
Package metadata
Scripts16
build:allscripts/buildbuild:canvasscripts/build-canvasbuild:watchrm -rf lib && NODE_ENV=transpile babel --out-dir lib src --watchdebugBABEL_ENV=test-node inspect _mocha --no-timeouts --debug-brk 'test/**/*.test.js' --require @instructure/ui-themes/lib/canvas --require @babel/registerdemowebpack -pdevwebpack-dev-server -d --content-base github-pages/extractformat-message extract "src*/**/*.js" -g underscored_crc32 -o locales/en.jsonfmt:checkprettier -l '**/*.js'fmt:fixprettier --write '**/*.js'integration-testnightwatch --env integrationlinteslint "src/**/*.js" "test/**/*.js"lint:fixeslint --fix "src/**/*.js" "app/**/*.js" "test/**/*.js" "shared/**/*.js"prepublishOnlynpm run test && npm run build:alltestBABEL_ENV=test-node mocha 'test/**/*.test.js' --require @instructure/ui-themes/lib/canvas --require @babel/register --timeout 5000 --reporter mocha-multi-reporters --reporter-options configFile=mocha-reporter-config.jsontest:coveragecross-env BABEL_ENV=test-node nyc -r html -r json node_modules/.bin/mocha -- 'test/**/*.test.js'test:watchBABEL_ENV=test-node mocha 'test/**/*.test.js' --require @instructure/ui-themes/lib/canvas --require @babel/register --watch
Dependencies27
@instructure/ui-a11y^5@instructure/ui-buttons^5@instructure/ui-elements^5@instructure/ui-forms^5@instructure/ui-icons^5@instructure/ui-layout^5@instructure/ui-tabs^5@instructure/ui-themeable^5@instructure/ui-themes^5@instructure/ui-toggle-details^5aphrodite^2bloody-offset0.0.0format-message^6format-message-generate-id^6isomorphic-fetch2.2.1prop-types^15react^0.14.8 || ^15.0.0 || ^16react-dom^0.14.8 || ^15.0.0 || ^16react-redux^5react-tinymce^0.7.0react-transition-group^1redux^4redux-batch-middleware^0.2.0redux-thunk^2scroll-into-viewhttps://github.com/bkirkby/scroll-into-view.git#588b0ced98eeecf84e6fb2074aa076e80b7cffabtinymce^4.5.7tinymce-light-skin~1.3.0