PkgRadar

Package evidence

@leapllc/[email protected]

Remote Dependency Spec: devDependencies.parse-server="github:parse-community/parse-server#master"

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads
5
Versions published
2
First published
Jan 2020
Publisher
stevestencil

Recommended action

Review before promoting

Mixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@leapllc/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@leapllc/[email protected]"],"fail_on":"review"}'
Publisherstevestencil
Artifact bytes914,102
Previous versionnone
Published2020-01-21T20:32:45.044Z
SHA-2561838da3ffba6553539e12056438377082632d15e56824208d9e3923835145972

Why flagged

What the scanner saw

Remote Dependency Spec: devDependencies.parse-server="github:parse-community/parse-server#master"

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

review
Last checked
reviewRisk
8Score
2.11.0Version
Status history (1 event)
  1. newavailable · risk review · score 8 · status changed

Evidence

Static findings

1 static · 0 from release diff · showing high-signal first.

SeverityKindPathDetailPoints
mediumRemote Dependency Specpackage.jsondevDependencies.parse-server="github:parse-community/parse-server#master"8

Manifest

Package metadata

Scripts15
  • buildnode build_releases.js
  • cross-envcross-env
  • docsjsdoc -c ./jsdoc-conf.json ./src
  • gulpgulp
  • integrationcross-env TESTING=1 jasmine --config=jasmine.json
  • linteslint --cache src/ integration/
  • lint:fixeslint --fix --cache src/ integration/
  • preparenpm run build
  • releasenode build_releases.js && npm publish
  • release_docs./release_docs.sh
  • testcross-env PARSE_BUILD=node jest
  • watchcross-env PARSE_BUILD=${PARSE_BUILD} gulp watch
  • watch:browsercross-env PARSE_BUILD=browser npm run watch
  • watch:nodecross-env PARSE_BUILD=node npm run watch
  • watch:react-nativecross-env PARSE_BUILD=react-native npm run watch
Dependencies6
  • @babel/runtime7.8.0
  • @babel/runtime-corejs37.8.0
  • crypto-js3.1.9-1
  • uuid3.3.3
  • ws7.2.1
  • xmlhttprequest1.8.0