PkgRadar

Package evidence

@newrelic/[email protected]

Remote Dependency Spec: devDependencies.@newrelic/nr-querypack="https://[email protected]/newrelic/nr-querypack"

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads
259,017Ubiquitous · −70% score
Versions published
478Mature · −50% score
First published
May 2022
Publisher
GitHub ActionsTrusted automation · −70% score

Effective trust discount applied: 70% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Review before promoting

Mixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@newrelic/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@newrelic/[email protected]"],"fail_on":"review"}'
PublisherGitHub Actions
Artifact bytes443,457
Previous version1.316.0-rc.5
Published2026-06-10T03:01:47.689Z
SHA-256bab76a36670d20c8d527b7d4957e62afd984b6143f4d2aac9637bf661b3faa4d

Why flagged

What the scanner saw

Remote Dependency Spec: devDependencies.@newrelic/nr-querypack="https://[email protected]/newrelic/nr-querypack"

1 remote tarball(s) were followed statically.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

review
Last checked
reviewRisk
2Score
1.316.0-rc.6Version
Status history (1 event)
  1. newavailable · risk review · score 2 · status changed

Evidence

Static findings

1 static · 0 from release diff · showing high-signal first.

SeverityKindPathDetailPoints
mediumRemote Dependency Specpackage.jsondevDependencies.@newrelic/nr-querypack="https://[email protected]/newrelic/nr-querypack"8

Remote payloads

Followed remote artifacts

SourceURLRiskScoreSummary
devDependencies.@newrelic/nr-querypackhttps://[email protected]/newrelic/nr-querypackerror0invalid gzip header

Manifest

Package metadata

Scripts31
  • build:allnpm run cdn:build:local && npm run build:npm && npm run tools:test-builds
  • build:browser-agent-wrappernpm run cdn:build:local && npm run build:npm && npm --prefix tools/test-builds/browser-agent-wrapper run build
  • build:npmnpm run npm:build:esm && npm run npm:build:cjs && npm run npm:build:types && npm run npm:pack
  • cdn:buildnpm run cdn:build:prod
  • cdn:build:devnpm run cdn:webpack -- --env mode=dev
  • cdn:build:experimentnpm run cdn:webpack -- --env mode=experiment
  • cdn:build:localnpm run cdn:webpack
  • cdn:build:local-externalnpm run cdn:webpack -- --env mode=local-external
  • cdn:build:prodnpm run cdn:webpack -- --env mode=prod
  • cdn:watchjung -r ./src -F '.*\.test\.js' --run -- npm run cdn:build:local
  • cdn:webpacknpx webpack --progress --config ./tools/webpack/index.mjs
  • linteslint -c .eslintrc.js --ext .js,.cjs,.mjs .
  • lint:fixnpm run lint -- --fix
  • lt:update-browsersnode ./tools/browsers-lists/lt-update-supported.mjs
  • lt:upload-webview-assetsnode ./tools/lambda-test/upload-webview-assets.mjs
  • npm:build:cjsnpx babel --env-name npm-cjs --out-dir dist/cjs --out-file-extension .js ./src
  • npm:build:esmnpx babel --env-name npm-esm --out-dir dist/esm --out-file-extension .js ./src
  • npm:build:typesnpx tsc -b
  • npm:packmkdir -p temp && export PKG_NAME=$(npm pack --pack-destination temp) && echo ./temp/$PKG_NAME
  • preparehusky install
  • publish:nrdb:stagenpm --prefix .github/actions install && node .github/actions/nr-upload/index.js --environment=stage --loader-version=$npm_package_version --stage-api-key=$STAGE_API_KEY && node .github/actions/nr-verify/index.js --loader-version=$npm_package_version
  • startnpm-run-all --parallel cdn:watch test-server
  • test NODE_OPTIONS=--max-old-space-size=8192 jest
  • test-servernode ./tools/wdio/bin/server
  • test:componentjest --selectProjects component
  • test:typesnpm run npm:build:types && tsd -f ./tests/dts/**/*.ts
  • test:unitjest --selectProjects unit
  • third-party-updatesoss third-party manifest --includeOptDeps && oss third-party notices --includeOptDeps
  • tools:test-buildsnpm --prefix ./tools/test-builds run build-all
  • wdionode --max-old-space-size=8192 tools/wdio/bin/cli.js
  • …and 1 more.
Dependencies3
  • @newrelic/rrweb^1.1.2
  • fflate0.8.2
  • web-vitals4.2.4