Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Weekly downloads
- 370
- Versions published
- 103Mature · −50% score
- First published
- Jan 2022
- Publisher
- kingofchina
Effective trust discount applied: −50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.
Recommended action
Looks clean — keep monitoringNo high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["@kdcloudjs/[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["@kdcloudjs/[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
Obfuscation Density: high encoded/escaped-token density
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk low · score 0 · status changed
Evidence
Static findings
3 static · 0 from release diff · showing high-signal first.
No high-signal findings — see all findings below.
Show all 3 findings (low-signal and informational)
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| low | Obfuscation Density | package/es/table/base/styles.js | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/lib/table/base/styles.js | high encoded/escaped-token density | 0 |
| low | Large Javascript Payload | package/dist/@kdcloudjs/table.js | 2319536 bytes | 0 |
Manifest
Package metadata
Scripts24
buildnpm run compile && cross-env NODE_OPTIONS='--max-old-space-size=4096' npm run distchangelogconventional-changelog -p angular -i CHANGELOG.md -s --skip-unstablecleanrimraf _data && rimraf _sitecompilegulp compiledistnode build/bin/dist.jskd-uinpm install @kingdee-ui/kui --registry http://npm.kingdee.com/lintnpm run tsc && npm run lint:script && npm run lint:stylelint-fix:scriptnpm run lint:script -- --fixlint-fix:stylenpm run lint:style -- --fixlint:scripteslint --ext .tsx,.ts,.js,.jsx ./components ./sitelint:stylestylelint "{site,components}/**/*.less" --syntax lessnewnode scripts/create-component.jspubnpm run test:all && npm run build && cross-env PUB_ENV=pub np --no-cleanup --no-testspub:canarynpm run build && cross-env PUB_ENV=pub np --no-cleanup --anyBranch --no-tests --tag=canarypub:canary-hotfixnpm run build && cross-env PUB_ENV=pub np --no-cleanup --anyBranch --no-tests --tag=canaryHotFixsitenpm run tsc && bisheng build -c ./site/bisheng.config.jsstartnpm run clean && cross-env NODE_ENV=development bisheng start -c ./site/bisheng.config.jstestjest --config .jest.js --cache=falsetest:allnpm run lint && npm run testtest:cijest --config .jest.js --coverage --ci --update-snapshottest:coveragenpm run test -- --coveragetest:reportjest --config .jest.js --coverage & open ./coverage/lcov-report/index.htmltest:updatejest --config .jest.js --cache=false -utsctsc --noEmit
Dependencies11
@babel/runtime^7.10.4@babel/runtime-corejs3^7.11.2@popperjs/core^2.9.1classnames^2.2.6core-js^3.16.1css-vars-ponyfill^2.4.3lodash^4.17.20regenerator-runtime^0.13.9resize-observer-polyfill^1.5.1rxjs^6.6.3styled-components^5.2.1