PkgRadar

Package evidence

@jetbrains/[email protected]

no findings

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads
7,606Niche · −30% score
Versions published
1,273Mature · −50% score
First published
Aug 2017
Publisher
jetbrains-buildserver

Effective trust discount applied: 50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@jetbrains/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@jetbrains/[email protected]"],"fail_on":"review"}'
Publisherjetbrains-buildserver
Artifact bytes298,964
Previous version7.0.113
Published2026-06-08T12:18:44.394Z
SHA-2564d21b8ca6ccf0337838fb1c8e98958c54d9f7125400945b680119e03cf958a80

Why flagged

What the scanner saw

No high-signal static finding in the saved report.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low
Last checked
lowRisk
0Score
7.0.114Version
Status history (1 event)
  1. newavailable · risk low · score 0 · status changed

Evidence

Static findings

No findings stored for this release.

Manifest

Package metadata

Scripts48
  • _postinstallhusky && npm run postinstall:gitconfig
  • a11y-audittest-storybook --url http://localhost:9999 && DARK=true test-storybook --url http://localhost:9999
  • a11y-audit-cinode scripts/a11y-audit-ci.mjs
  • apply-resolutionsnpx [email protected]
  • buildBROWSERSLIST_ENV=dist ./node_modules/.bin/rollup -c --bundleConfigAsCjs
  • build-storiesstorybook build --quiet -c .storybook -o storybook-dist
  • console-errorsjest scripts/console-errors.test.js --watchAll
  • console-errors-cijest scripts/console-errors.test.js --reporters=jest-teamcity
  • figma-connect-publishnpx figma connect publish --token=$FIGMA_CODE_CONNECT_TOKEN
  • figma-connect-publish-localdotenv -- npm run figma-connect-publish
  • figma-connect-unpublishnpx figma connect unpublish --token=$FIGMA_CODE_CONNECT_TOKEN
  • figma-connect-unpublish-localdotenv -- npm run figma-connect-unpublish
  • lintnpm run lint:js && npm run stylelint
  • lint-cieslint --format jslint-xml . > eslint-report.xml && npm run stylelint-ci
  • lint:jseslint
  • postbuildcpy './**/*.d.ts' ../dist --parents --cwd=components/
  • postinstall:gitconfiggit config blame.ignoreRevsFile .git-blame-ignore-revs
  • postpublishpinst --enable
  • postrelease-cigit push --follow-tags
  • prea11y-auditplaywright install
  • prebuildrimraf components && npm run prebuild:tsc && cpy './**/*' '!**/*.stories.*' '!**/*.figma.*' '!**/*.ts' '!**/*.tsx' '!**/test-helpers/mocks/**' ../components --parents --cwd=src/
  • prebuild:tsc(npm run type-check:create-d-ts && tsc --project tsconfig-build.json) ; npm run type-check:cleanup-d-ts
  • prelint-ciecho "##teamcity[importData type='jslint' path='eslint-report.xml']"
  • preparewebpack -c .storybook/custom-header/webpack.config.js
  • prepublishOnlypinst --disable
  • prerelease-built-cinode scripts/prepare-built-package.js
  • prerelease-cigit pull
  • pretype-check-cinpm run type-check:create-d-ts
  • release-built-cinpm publish --access=public $NPM_PUBLISH_PARAMS
  • release-cinpm version $NPM_VERSION_PARAMS && npm publish --access=public $NPM_PUBLISH_PARAMS
  • …and 18 more.
Dependencies44
  • @babel/core^7.29.0
  • @babel/preset-typescript^7.28.5
  • @jetbrains/babel-preset-jetbrains^2.4.0
  • @jetbrains/icons^5.22.0
  • @jetbrains/postcss-require-hover^0.2.0
  • @types/combokeys^2.4.9
  • @types/element-resize-detector^1.1.6
  • @types/react-virtualized9.22.3
  • @types/util-deprecate^1.0.4
  • babel-loader10.1.1
  • babel-plugin-react-compiler^1.0.0
  • babel-plugin-transform-define^2.1.4
  • browserslist^4.28.2
  • change-case^4.1.1
  • classnames^2.5.1
  • combokeys^3.0.1
  • css-loader^7.1.4
  • csstype^3.2.1
  • date-fns^4.3.0
  • dequal^2.0.3
  • element-resize-detector^1.2.4
  • fastdom^1.0.12
  • file-loader^6.2.0
  • focus-trap^8.2.1
  • highlight.js^10.7.2
  • just-debounce-it^3.2.0
  • memoize-one^6.0.0
  • postcss^8.5.15
  • postcss-calc^10.1.1
  • postcss-font-family-system-ui^5.0.0
  • …and 14 more.