Package evidence
@manisranjan/[email protected]
Obfuscation Density: high encoded/escaped-token density
Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Weekly downloads
- 17
- Versions published
- 3
- First published
- May 2026
- Publisher
- manisranjan
Recommended action
Looks clean — keep monitoringNo high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["@manisranjan/[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["@manisranjan/[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
Obfuscation Density: high encoded/escaped-token density
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk low · score 0 · status changed
Evidence
Static findings
2 static · 0 from release diff · showing high-signal first.
No high-signal findings — see all findings below.
Show all 2 findings (low-signal and informational)
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| low | Obfuscation Density | package/cypress/package-lock.json | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/src/configs/mock.config.ts | high encoded/escaped-token density | 0 |
Manifest
Package metadata
Scripts23
analyzeANALYZE=true elsie buildbuildelsie buildbuild:ciexport PR_VERSION=${VERSION_PARAM#*=} && mkdir -p ./dist/${PR_VERSION} && elsie build --outDir=./dist/${PR_VERSION}; cp -r ./static/* ./dist/${PR_VERSION}/. ; storybook build -o ./dist/${PR_VERSION}/storybook --disable-telemetry; cp ./static/index.html ./dist/.build:storybookstorybook build --disable-telemetrychangesetchangesetchangeset:alphachangeset version --snapshot alphachangeset:publishchangeset publishchangeset:statuschangeset statuschangeset:versionchangeset versionclean:reportsrm -R -f cypress/reports && mkdir cypress/reportscypress:localconcurrently 'npm run serve:static' 'cd cypress && yarn install && yarn test'cypress:mochawesomecd cypress && yarn cypress:mochawesome:merge && yarn cypress:mochawesome:m2e && yarn cypress:mochawesome:htmldevconcurrently 'npm run storybook' 'npm run serve'generate:api:mockselsie gql mocksgenerate:api:typeselsie gql typesgenerate:api:validateelsie gql validatelintelsie lint --max-warnings=0prebuild:ciecho "Building PR version: ${VERSION_PARAM:-"."}"serveconcurrently 'elsie serve' 'wait-on tcp:${PORT:=3002} && alive-server ./examples/html-host --port=3000 --watch=../../dist/reload'storybookelsie storybooktestelsie testtest:cijest --config jest.config.js --passWithNoTests --coverage --detectOpenHandles --forceExittest:cypress:ciyarn clean:reports && cd cypress && yarn install && cross-env TZ=utc yarn cypress run --browser chrome --config baseUrl=${DEPLOY_URL}
Dependencies7
@adobe-commerce/elsie~1.8.1@adobe-commerce/event-bus~1.0.1@adobe-commerce/fetch-graphql~1.2.3@adobe-commerce/recaptcha~1.1.0@adobe-commerce/storefront-design~1.0.0@dropins/build-tools~1.1.0preact~10.22.1