PkgRadar

Package evidence

@jocmp/[email protected]

Remote Dependency Spec: dependencies.browser-request="github:postlight/browser-request#feat-add-headers-to-response"

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads
13,027Mainstream · −50% score
Versions published
36Mature · −50% score
First published
Nov 2024
Publisher
jocmp

Effective trust discount applied: 50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Review before promoting

Mixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@jocmp/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@jocmp/[email protected]"],"fail_on":"review"}'
Publisherjocmp
Artifact bytes1,876,931
Previous version3.0.6
Published2026-03-25T03:22:06.665Z
SHA-256b007e585d6a15ee5260946c5db4f2d3b1eb03bb22bf31615ca988ec8a529ff07

Why flagged

What the scanner saw

Remote Dependency Spec: dependencies.browser-request="github:postlight/browser-request#feat-add-headers-to-response"

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

review
Last checked
reviewRisk
12Score
3.0.7Version
Status history (1 event)
  1. newavailable · risk review · score 12 · status changed

Evidence

Static findings

2 static · 0 from release diff · showing high-signal first.

SeverityKindPathDetailPoints
mediumRemote Dependency Specpackage.jsondependencies.browser-request="github:postlight/browser-request#feat-add-headers-to-response"12
mediumRemote Dependency Specpackage.jsondependencies.difflib="github:postlight/difflib.js"12

Manifest

Package metadata

Scripts18
  • buildrollup -c
  • build:cirollup -c && npm run test:build
  • build:esmnpm run lint && rollup -c rollup.config.esm.js && npm run test:build:esm
  • build:esm:cirollup -c rollup.config.esm.js && npm run test:build:esm
  • build:generatorrollup -c scripts/rollup.config.js
  • build:webrollup -c rollup.config.web.js
  • build:web:cirollup -c rollup.config.web.js && npm run test:build:web
  • generate-parsernode ./dist/generate-custom-parser.js
  • linteslint . --fix
  • lint-fix-quieteslint --fix --quiet
  • lint:ciremark . && eslint .
  • releasenpm run build && npm run build:web
  • testnpm run test:node && npm run test:web
  • test:buildcd ./scripts && jest check-build.test.js
  • test:nodejest --json --outputFile test-output.json --forceExit
  • test:webvitest run --config vitest.config.js
  • test_buildrollup -c
  • watch:testjest --watch
Dependencies12
  • @babel/runtime-corejs2^7.2.0
  • browser-requestgithub:postlight/browser-request#feat-add-headers-to-response
  • cheerio^1.1.2
  • dayjs^1.11.19
  • difflibgithub:postlight/difflib.js
  • ellipsize0.6.0
  • iconv-lite0.7.2
  • postman-request^2.88.1-postman.31
  • string-direction^0.1.2
  • turndown^7.1.1
  • wuzzy^0.1.4
  • yargs-parser^22.0.0