Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Weekly downloads
- 757
- Versions published
- 41
- First published
- Apr 2026
- Publisher
- nuskin-cws
Recommended action
Review before promotingMixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["@nuskin/[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["@nuskin/[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
Large Javascript Payload: 4280817 bytes
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk review · score 20 · status changed
Evidence
Static findings
2 static · 0 from release diff · showing high-signal first.
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| medium | Large Javascript Payload | package/package-dist/index.js | 4280817 bytes | 10 |
| medium | Large Javascript Payload | package/package-dist/index.mjs | 4261466 bytes | 10 |
Manifest
Package metadata
Scripts15
buildyarn build:localbuild-devcross-env CMS_ENV=dev yarn build:server:dev && cross-env CMS_ENV=dev yarn build:client:dev && yarn build-storybookbuild-prodcross-env CMS_ENV=prod NODE_ENV=production yarn build:server:prod && cross-env CMS_ENV=prod NODE_ENV=production yarn build:client:prodbuild-storybookcross-env SB_DISABLE_TELEMETRY=1 CI=true storybook build -o dist/storybookbuild-testcross-env CMS_ENV=test yarn build:server:dev && cross-env CMS_ENV=test yarn build:client:dev && yarn build-storybookbuild:client:devrimraf --glob dist/*.js dist/*.js.map dist/loadable-stats.json dist/index.html && yarn webpack --mode development --progress --config config/webpack.client.jsbuild:client:prodrimraf --glob dist/*.js dist/*.js.map dist/loadable-stats.json dist/index.html && yarn webpack --mode production --progress --config config/webpack.client.jsbuild:localcross-env CMS_ENV=local yarn build:server:dev && cross-env CMS_ENV=local yarn build:client:dev && yarn build-storybookbuild:packagerimraf package-dist && webpack --mode production --config config/webpack.library.js && shx cp src/library/index.d.ts package-dist/index.d.tsbuild:server:devrimraf dist/server && yarn webpack --mode development --progress --config config/webpack.server.jsbuild:server:prodrimraf dist/server && yarn webpack --mode production --progress --config config/webpack.server.jsintegration-testecho 'Integration test not yet implemented'linteslint src/ --ext .js,.jsxstartnodemon --watch src --ext js,jsx,css --delay 2 --exec "yarn build:local && node server-launcher.js"testjest
Dependencies30
@contentstack/delivery-sdk^4.10.3@contentstack/live-preview-utils^4.1.2@contentstack/utils1.7.0@emotion/react^11.14.0@emotion/styled^11.14.1@mui/icons-material^5.15.0@mui/material^5.15.0@mui/system^5.15.0@nuskin/configuration-sdk^3.0.2@nuskin/foundation-theme1.8.0@nuskin/foundation-ui-components^2.2.0contentstack^3.26.2core-js^3.39.0cross-env7.0.3dotenv^17.2.1eslint^8eslint-config-next14.0.4eslint-plugin-prettier^5.2.4eslint-plugin-spellcheck^0.0.20eslint-plugin-unused-imports^3.1.0express^4.21.2jest29.7.0jest-environment-jsdom29.7.0prettier^3.5.3prop-types^15.8.1pubsub-js^1.9.5react^18.2.0react-dom^18.2.0react-gtm-module^2.0.11regenerator-runtime0.14.1