PkgRadar

Package evidence

@okta/[email protected]

Large Javascript Payload: 2881962 bytes

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads
151,502Ubiquitous · −70% score
Versions published
330Mature · −50% score
First published
Jul 2016
Publisher
oktauploader

Effective trust discount applied: 70% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Review before promoting

Mixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@okta/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@okta/[email protected]"],"fail_on":"review"}'
Publisheroktauploader
Artifact bytes22,264,206
Previous version7.45.2
Published2026-05-13T17:17:52.621Z
SHA-2569d4bdc2372b7f12e989d4d139a13203b0b26837a9e4e75d1f5fcf3737aff3be3

Why flagged

What the scanner saw

Large Javascript Payload: 2881962 bytes

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

review
Last checked
reviewRisk
15Score
7.45.3Version
Status history (1 event)
  1. newavailable · risk review · score 15 · status changed

Evidence

Static findings

5 static · 0 from release diff · showing high-signal first.

SeverityKindPathDetailPoints
mediumLarge Javascript Payloadpackage/dist/js/okta-sign-in.classic.js2881962 bytes10
mediumLarge Javascript Payloadpackage/dist/js/okta-sign-in.js3968240 bytes10
mediumLarge Javascript Payloadpackage/dist/js/okta-sign-in.next.js4160119 bytes10
mediumLarge Javascript Payloadpackage/dist/js/okta-sign-in.next.no-polyfill.js4004125 bytes10
mediumLarge Javascript Payloadpackage/dist/js/okta-sign-in.oie.js3103395 bytes10

Manifest

Package metadata

Scripts60
  • build:devgrunt build:dev
  • build:esmyarn clean:esm && yarn build:rollup-release && yarn lint:esm
  • build:releasegrunt build:release
  • build:rollup-devrollup -c
  • build:rollup-releaserollup -c rollup.release.config.js
  • build:typesyarn clean:types && yarn generate:types && yarn copy:types
  • build:webpack-devwebpack --config webpack.dev.config.js
  • build:webpack-releasewebpack --config webpack.release.config.js
  • cleanrimraf target && rimraf dist && rimraf build2
  • clean:esmrimraf target/esm
  • clean:typesgrunt clean:types
  • codegen./scripts/codegen.sh
  • copy:typesgrunt copy:types
  • find-internal-packagesnode scripts/find-internal-packages
  • generate-confignode scripts/buildtools generate-language-config
  • generate-phone-codesnode scripts/buildtools generate-phone-codes
  • generate:typesttsc --noEmit false --declaration --emitDeclarationOnly --declarationMap
  • lintmkdir -p build2 && run-p -c lint:eslint lint:stylelint
  • lint:cdneslint --no-ignore --no-eslintrc --no-inline-config --config scripts/buildtools/eslint/.eslintrc.cdn.js dist/dist/js/okta-sign-in.min.js
  • lint:ciyarn codegen && yarn lint
  • lint:eslintyarn lint:types && eslint . --ext .js --ext .ts
  • lint:eslint:reporteslint -f checkstyle -o build2/OSW-eslint-checkstyle-result.xml . --quiet
  • lint:esmeslint --no-ignore --no-eslintrc --no-inline-config --config scripts/buildtools/eslint/.eslintrc.esm.js --ext .js target/esm
  • lint:reportmkdir -p build2 && run-p -c lint:eslint:report lint:types:report lint:stylelint:report
  • lint:stylelintstylelint assets/sass/
  • lint:stylelint:reportstylelint --custom-formatter node_modules/stylelint-checkstyle-formatter assets/sass/ > build2/OSW-stylelint-checkstyle-result.xml
  • lint:typeseslint --no-ignore --no-eslintrc --no-inline-config --config scripts/buildtools/eslint/.eslintrc.types.js --ext .ts types
  • lint:types:reporteslint -f checkstyle -o build2/OSW-eslint-types-checkstyle-result.xml --no-ignore --no-eslintrc --no-inline-config --config scripts/buildtools/eslint/.eslintrc.types.js --ext .ts types
  • mock:device-authenticatorMOCK_SPEC_DIR_NAME=spec-device-authenticator MOCK_SERVER_PORT=6512 node ./playground/mocks/server.js
  • prestart:basicgrunt copy:e2e-pages
  • …and 30 more.
Dependencies18
  • @okta/okta-auth-js7.14.2
  • @sindresorhus/to-milliseconds^1.0.0
  • @types/backbone^1.4.15
  • @types/eslint-scope^3.7.3
  • @types/jquery^3.5.14
  • @types/jqueryui^1.12.16
  • @types/q^1.5.5
  • @types/selectize^0.12.35
  • @types/underscore^1.11.4
  • chokidar^3.5.1
  • clipboard^1.5.16
  • cross-fetch^3.1.5
  • handlebars^4.7.9
  • jquery^3.6.0
  • parse-ms^2.0.0
  • q1.4.1
  • u2f-api-polyfill0.4.3
  • underscore1.13.8
Optional dependencies1
  • fsevents*