Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Weekly downloads
- 323
- Versions published
- 85Mature · −50% score
- First published
- Aug 2020
- Publisher
- alebinson
Effective trust discount applied: −50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.
Recommended action
Looks clean — keep monitoringNo high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["@map-colonies/[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["@map-colonies/[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
Large Javascript Payload: 3827207 bytes
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk low · score 0 · status changed
Evidence
Static findings
3 static · 0 from release diff · showing high-signal first.
No high-signal findings — see all findings below.
Show all 3 findings (low-signal and informational)
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| low | Large Javascript Payload | package/dist/Cesium/index.cjs | 3827207 bytes | 0 |
| low | Large Javascript Payload | package/dist/Cesium/Cesium.js | 3777552 bytes | 0 |
| low | Large Javascript Payload | package/dist/Cesium/index.js | 3776164 bytes | 0 |
Manifest
Package metadata
Scripts15
buildyarn run clean && yarn printTSVersion && yarn transpileTS && vite buildbuild-storybookrimraf storybook-static && build-storybookcleanrimraf distcopy-storybook_datagit clone https://github.com/MapColonies/shared-components-data.git && copyfiles -u 1 "./shared-components-data/stories-data.json" "." && rimraf shared-components-datacopyassets:allyarn run copyassets:cesium && yarn run copyassets:componentscopyassets:cesiumcopyfiles -u 5 "../../node_modules/cesium/Build/Cesium/**/*" "./public"copyassets:componentscopyfiles -u 1 "./public/assets/**/*" "dist"devvitelinteslint src --ext ts,tsx --report-unused-disable-directives --max-warnings 0postbuildyarn copyassets:all && copyfiles -u 2 -e "**/*.ts" -e "**/*.tsx" "src/components/**/*" distprepackyarn buildpreviewvite previewprintTSVersionecho TS $(tsc -v)storybookyarn run copy-storybook_data && start-storybook -p 9010transpileTStsc --project ./tsconfig-build.json
Dependencies40
@cmcleese/cesium-navigation^4.0.7@date-io/date-fns^1.3.13@here/quantized-mesh-decoder^1.2.8@map-colonies/react-core^4.2.0@material-ui/core^4.11.0@material-ui/pickers^3.2.10@turf/area^6.5.0@turf/bbox^6.0.1@turf/bbox-polygon^6.0.1@turf/boolean-contains^6.5.0@turf/boolean-point-in-polygon^6.5.0@turf/boolean-valid^7.2.0@turf/centroid^7.2.0@turf/helpers^6.1.4@turf/intersect^6.1.3@turf/point-to-polygon-distance^7.2.0@turf/rewind^5.1.5cesium1.103.0chonky^2.3.2chonky-icon-fontawesome^2.3.2copy-webpack-plugin^6.3.1copyfiles2.3.0cross-env7.0.2date-fns^2.14.0geojson^0.5.0get-input-selection^1.1.4lodash^4.17.20ol^6.4.3ol-ext^4.0.18p-map6.0.0- …and 10 more.