PkgRadar

Package evidence

@merkaly/[email protected]

no findings

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Versions published
34
First published
Jan 2026
Publisher
kronhyx

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@merkaly/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@merkaly/[email protected]"],"fail_on":"review"}'
Publisherkronhyx
Artifact bytes26,226
Previous version0.6.0
Published2026-05-08T11:51:15.807Z
SHA-2567c7d88cf0b6547b9d84921d4029fea3185ef1bdfa84782dd6e736fd84ad29b76

Why flagged

What the scanner saw

No high-signal static finding in the saved report.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low
Last checked
lowRisk
0Score
0.6.1Version
Status history (1 event)
  1. newavailable · risk low · score 0 · status changed

Evidence

Static findings

No findings stored for this release.

Manifest

Package metadata

Scripts9
  • buildnuxt-module-build build
  • build:stubnuxt-module-build build --stub
  • devpnpm dev:prepare && cd playground && pnpm storybook
  • dev:buildnuxi build playground
  • dev:preparepnpm build:stub && nuxi prepare playground
  • linteslint .
  • testvitest run
  • test:typesvue-tsc --noEmit && cd playground && vue-tsc --noEmit
  • test:watchvitest watch
Dependencies32
  • @auth0/auth0-spa-js^2.19.0
  • @bootstrap-vue-next/nuxt^0.44.1
  • @nuxt/devtools^3.2.1
  • @nuxt/eslint1.15.1
  • @nuxt/eslint-config^1.15.1
  • @nuxt/fonts0.14.0
  • @nuxt/image^2.0.0
  • @nuxt/kit^4.4.2
  • @nuxtjs/plausible^3.0.1
  • @sentry/nuxt^10.51.0
  • @types/nodelatest
  • @types/vue-select^3.16.8
  • @vueuse/components^14.3.0
  • @vueuse/core^14.3.0
  • @vueuse/integrations^14.3.0
  • @vueuse/nuxt^14.3.0
  • bootstrap^5.3.8
  • bootstrap-vue-next^0.44.1
  • change-case^5
  • class-transformer^0.5.1
  • class-validator^0.15.1
  • eslint^9.39.1
  • filesize^11.0.2
  • nuxt^4.4.2
  • reflect-metadata^0.2.2
  • sass^1.99.0
  • typescript~5.9.3
  • v-money3^3.24.1
  • vite-svg-loader^5.1.0
  • vue^3.5.22
  • …and 2 more.
Optional dependencies1
  • defu^6.1.5