PkgRadar

Package evidence

@maltjoy/[email protected]

no findings

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Versions published
192Mature · −50% score
First published
Feb 2023
Publisher
malt-ops

Effective trust discount applied: 50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@maltjoy/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@maltjoy/[email protected]"],"fail_on":"review"}'
Publishermalt-ops
Artifact bytes183,075
Previous version5.19.0
Published2026-05-06T08:13:19.627Z
SHA-256cc58a74a183b74f1a565b4b21233e30ce680dcef38313183ef073f056a420cf8

Why flagged

What the scanner saw

No high-signal static finding in the saved report.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low
Last checked
lowRisk
0Score
5.20.0Version
Status history (1 event)
  1. newavailable · risk low · score 0 · status changed

Evidence

Static findings

No findings stored for this release.

Manifest

Package metadata

Scripts28
  • buildpnpm typecheck && vite build && vue-tsc --declaration --emitDeclarationOnly --outDir dist && pnpm test && pnpm generate:manifest
  • build-storybookpnpm prepare && storybook build
  • build:analyzeANALYZE=server vite build
  • build:analyze:jsonANALYZE=json vite build
  • build:libvite build
  • copy:fonticonnode src/tasks/copy-fonticon.mjs
  • devpnpm prepare && vite
  • formatprettier --write "**/*.{js,ts,vue}"
  • format:stagedprettier --write
  • generate:components-autoimportsnode src/tasks/generate-components-autoimports.mjs
  • generate:components-docsnode src/tasks/ai/optimized-metadata-generator.mjs
  • generate:components-docs:singlenode src/tasks/ai/optimized-metadata-generator.mjs --single
  • generate:components-typesnode src/tasks/generate-components-types.mjs
  • generate:manifestnode src/tasks/generate-manifest.mjs
  • linteslint "src/**/*.{ts,vue}"
  • lint:fixeslint "src/**/*.{ts,vue}" --fix
  • lint:stagedeslint --fix
  • previewvite preview
  • preview-storybookpnpm storybook build && pnpm dlx http-server ./storybook-static/
  • report:bundle-sizepnpm build:analyze:json && node src/tasks/generate-bundle-size-report.mjs
  • report:complexitynode src/tasks/generate-complexity-report.mjs
  • report:component-churnnode src/tasks/generate-component-churn-report.mjs
  • scan:figma-coveragenode src/tasks/scan-joy-figma.mjs
  • storybookpnpm prepare && storybook dev --port=33725
  • testvitest run --dom --coverage
  • test:devvitest watch --dom
  • test:updatevitest run --dom -u
  • typecheckvue-tsc --noEmit
Dependencies14
  • @floating-ui/dom1.5.3
  • @floating-ui/vue1.0.2
  • @maltjoy/css5.20.0
  • @maltjoy/icons5.20.0
  • @maltjoy/themes5.20.0
  • @vue/runtime-core3.5.13
  • @vue/runtime-dom3.5.13
  • @vue/shared3.5.13
  • @vueuse/components10.8.0
  • @vueuse/core10.8.0
  • mitt3.0.1
  • vue3.5.25
  • vue-bind-once0.2.1
  • vue-router4.4.0