Package evidence

@oneblink/[email protected]

Remote Dependency Spec: devDependencies.@oneblink/types="github:oneblink/types"

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads: 1,393Niche · −30% score
Versions published: 947Mature · −50% score
First published: Aug 2020
Publisher: GitHub ActionsTrusted automation · −70% score

Effective trust discount applied: −70% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Review before promoting

Mixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.

Inspect tarball Add to CI gate

Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@oneblink/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@oneblink/[email protected]"],"fail_on":"review"}'

PublisherGitHub Actions

Artifact bytes871,688

Previous version10.3.1-beta.5

Published2026-06-04T05:19:11.720Z

SHA-25669148f1f787b57297e9cf3419853d1e3e795f2f9cf6e2d4871f1d05538ac17d5

Why flagged

What the scanner saw

Remote Dependency Spec: devDependencies.@oneblink/types="github:oneblink/types"

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

review

11d agoLast checked

reviewRisk

2Score

10.3.1-beta.6Version

Status history (1 event)

new → available11d ago · risk review · score 2 · status changed

Evidence

Static findings

1 static · 0 from release diff · showing high-signal first.

Severity	Kind	Path	Detail	Points
medium	Remote Dependency Spec	package.json	devDependencies.@oneblink/types="github:oneblink/types"	8

Manifest

Package metadata

Scripts16

buildtsc && npm run build:css
build:cssnpm run copy:sass && npm run copy:styles && sass ./dist/styles.scss ./dist/styles.css --load-path ./node_modules --no-source-map
copy:sasscopyfiles -u 1 ./src/styles.scss ./dist
copy:stylescopyfiles -u 1 ./src/styles/* ./dist
docstypedoc
eslinteslint src --fix --cache
fixpackfixpack
formatprettier --write .
preparenpm run build
pretestnpm run fixpack && npm run eslint && npm run typescript
releaseoneblink-release repository --no-name
starttsc-watch
testvitest
typesnpm i -D github:oneblink/types
typescripttsc --noEmit
update-dependentsoneblink-release update-dependents --force

Dependencies43

@arcgis/core~4.34.8
@aws-sdk/client-cognito-identity-provider^3.987.0
@emotion/react^11.14.0
@emotion/styled^11.14.1
@nylas/react^3.1.2
@oneblink/sdk-core^9.2.1-beta.1
@oneblink/storage^7.1.1-beta.2
@react-google-maps/api^2.20.8
@react-input/mask^2.0.4
@sentry/browser^10.38.0
@sentry/tracing^7.120.4
@tanstack/react-table^8.21.3
blueimp-load-image^5.16.0
bulma^0.9.4
bulma-slider2.0.4
bulma-steps^2.2.1
bulma-toast^2.4.4
clsx^2.1.1
color^4.2.3
copy-to-clipboard^3.3.3
date-fns^2.30.0
email-validator^2.0.4
escape-string-regexp^5.0.0
file-saver^2.0.5
file-type-checker^1.1.6
html5-qrcode^2.3.8
jwt-decode^4.0.0
localforage^1.10.0
lodash.clonedeep^4.5.0
lodash.debounce^4.0.8
…and 13 more.