PkgRadar

Package evidence

@lntvow/[email protected]

Credential File Packaged: package/template/h5-uniapp/.npmrc

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Versions published
34Established · −30% score
First published
Aug 2025
Publisher
GitHub ActionsTrusted automation · −70% score

Effective trust discount applied: 70% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Review before promoting

Mixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@lntvow/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@lntvow/[email protected]"],"fail_on":"review"}'
PublisherGitHub Actions
Artifact bytes151,274
Previous version1.3.2
Published2026-05-20T07:17:04.242Z
SHA-2560c9a5d1c5714a3254829228194b3253153e992c44c062534241cfbd1ed30ee10

Why flagged

What the scanner saw

Credential File Packaged: package/template/h5-uniapp/.npmrc

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

review
Last checked
reviewRisk
10Score
1.3.3Version
Status history (1 event)
  1. newavailable · risk review · score 10 · status changed

Evidence

Static findings

2 static · 0 from release diff · showing high-signal first.

SeverityKindPathDetailPoints
highCredential File Packagedpackage/template/h5-uniapp/.npmrcpackage/template/h5-uniapp/.npmrc35
Show all 2 findings (low-signal and informational)
SeverityKindPathDetailPoints
highCredential File Packagedpackage/template/h5-uniapp/.npmrcpackage/template/h5-uniapp/.npmrc35
lowObfuscation Densitypackage/template/h5-uniapp/pnpm-lock.yamlhigh encoded/escaped-token density0

Manifest

Package metadata

Scripts44
  • build:customuni build -p
  • build:h5uni build
  • build:h5:ssruni build --ssr
  • build:mp-alipayuni build -p mp-alipay
  • build:mp-baiduuni build -p mp-baidu
  • build:mp-jduni build -p mp-jd
  • build:mp-kuaishouuni build -p mp-kuaishou
  • build:mp-larkuni build -p mp-lark
  • build:mp-qquni build -p mp-qq
  • build:mp-toutiaouni build -p mp-toutiao
  • build:mp-weixinuni build -p mp-weixin
  • build:mp-xhsuni build -p mp-xhs
  • build:preuni build --mode pre
  • build:produni build
  • build:quickapp-webviewuni build -p quickapp-webview
  • build:quickapp-webview-huaweiuni build -p quickapp-webview-huawei
  • build:quickapp-webview-unionuni build -p quickapp-webview-union
  • build:uatuni build --mode uat
  • changelogcli changelog -p angular -i CHANGELOG.md -s
  • cleancli clean ./node_modules/
  • commitgit add -A && cli commit
  • devuni
  • dev:h5uni
  • dev:h5:ssruni --ssr
  • dev:mp-alipayuni -p mp-alipay
  • dev:mp-baiduuni -p mp-baidu
  • dev:mp-jduni -p mp-jd
  • dev:mp-kuaishouuni -p mp-kuaishou
  • dev:mp-larkuni -p mp-lark
  • dev:mp-qquni -p mp-qq
  • …and 14 more.
Dependencies23
  • @dcloudio/uni-app3.0.0-4070520250711001
  • @dcloudio/uni-app-harmony3.0.0-4070520250711001
  • @dcloudio/uni-app-plus3.0.0-4070520250711001
  • @dcloudio/uni-components3.0.0-4070520250711001
  • @dcloudio/uni-h53.0.0-4070520250711001
  • @dcloudio/uni-mp-alipay3.0.0-4070520250711001
  • @dcloudio/uni-mp-baidu3.0.0-4070520250711001
  • @dcloudio/uni-mp-harmony3.0.0-4070520250711001
  • @dcloudio/uni-mp-jd3.0.0-4070520250711001
  • @dcloudio/uni-mp-kuaishou3.0.0-4070520250711001
  • @dcloudio/uni-mp-lark3.0.0-4070520250711001
  • @dcloudio/uni-mp-qq3.0.0-4070520250711001
  • @dcloudio/uni-mp-toutiao3.0.0-4070520250711001
  • @dcloudio/uni-mp-weixin3.0.0-4070520250711001
  • @dcloudio/uni-mp-xhs3.0.0-4070520250711001
  • @dcloudio/uni-quickapp-webview3.0.0-4070520250711001
  • @lntvow/utils^5.2.0
  • axios^1.11.0
  • dayjs^1.11.18
  • number-precision^1.6.0
  • pinia^2.2.4
  • pinia-plugin-persistedstate^3.1.0
  • vue^3.4.21