PkgRadar

Package evidence

@luminpdf/[email protected]

no findings

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads
3,370Niche · −30% score
Versions published
11
First published
Mar 2026
Publisher
thuyngan1501

Effective trust discount applied: 30% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@luminpdf/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@luminpdf/[email protected]"],"fail_on":"review"}'
Publisherthuyngan1501
Artifact bytes1,391,096
Previous version4.0.1
Published2026-04-29T15:13:21.713Z
SHA-2564dbff8c24638ee46532568cbdf9c0de946bab2ef3e538ac0ec329ecd288c4e1a

Why flagged

What the scanner saw

No high-signal static finding in the saved report.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low
Last checked
lowRisk
0Score
4.1.1Version
Status history (1 event)
  1. newavailable · risk low · score 0 · status changed

Evidence

Static findings

No findings stored for this release.

Manifest

Package metadata

Scripts11
  • buildpnpm run build:token && pnpm run build:core && pnpm run build:kiwi-ui && pnpm run build:cnc-ui
  • build:cnc-uipnpm --dir packages/cnc-ui run build
  • build:corepnpm --dir packages/core run build
  • build:kiwi-uipnpm --dir packages/kiwi-ui run build
  • build:tokenpnpm --dir packages/design-tokens run build
  • dev:cnc-uinx run-many -t dev -p @lumin-ui/cnc-ui
  • dev:corenx run-many -t dev -p @lumin-ui/core
  • dev:kiwi-uinx run-many -t dev -p @lumin-ui/kiwi-ui
  • lintnx run-many -t lint lint-tsc -p
  • lint:fixnx run-many -t lint lint-tsc --fix -p
  • prepublishOnlypnpm run build
Dependencies30
  • @luminpdf/iconscatalog:
  • @mantine/core^8.3.5
  • @mantine/dates^8.3.5
  • @mantine/form^8.3.5
  • @mantine/hookscatalog:
  • @optimize-lodash/rollup-plugin^4.0.4
  • @popperjs/core^2.11.8
  • @react-spring/web^10.0.0
  • @szhsin/react-accordion^1.2.3
  • @vanilla-extract/css^1.13.0
  • @vanilla-extract/dynamic^2.1.1
  • clsx^1.2.1
  • lodash^4.17.21
  • mantine-contextmenu^7.17.1
  • notistack^3.0.1
  • polished^4.2.2
  • postcss-styled-syntax^0.4.0
  • postcss-syntax^0.36.2
  • react-click-away-listener^2.2.3
  • react-custom-scrollbars-4^4.5.1
  • react-focus-lock^2.13.6
  • react-is^19.1.0
  • react-modal^3.16.1
  • react-modern-drawer^1.2.2
  • react-popper^2.3.0
  • react-popper-tooltip^4.4.2
  • react-transition-group^4.4.5
  • style-to-js^1.1.16
  • style-to-object^0.4.2
  • vite^4.4.9