Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Weekly downloads
- 384
- Versions published
- 179Mature · −50% score
- First published
- Feb 2020
- Publisher
- meghana-vadlapally
Effective trust discount applied: −50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.
Recommended action
Review before promotingMixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["@oracle/[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["@oracle/[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
Large Javascript Payload: 2877177 bytes
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk review · score 30 · status changed
Evidence
Static findings
14 static · 0 from release diff · showing high-signal first.
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| medium | Large Javascript Payload | package/meta/13.0.0/jetauditmeta.js | 2877177 bytes | 10 |
| medium | Large Javascript Payload | package/meta/13.1.0/jetauditmeta.js | 2881673 bytes | 10 |
| medium | Large Javascript Payload | package/meta/14.0.0/jetauditmeta.js | 2937938 bytes | 10 |
| medium | Large Javascript Payload | package/meta/14.1.0/jetauditmeta.js | 2941158 bytes | 10 |
| medium | Large Javascript Payload | package/meta/15.0.0/jetauditmeta.js | 2952445 bytes | 10 |
| medium | Large Javascript Payload | package/meta/15.1.0/jetauditmeta.js | 2952445 bytes | 10 |
| medium | Large Javascript Payload | package/meta/16.0.0/jetauditmeta.js | 3000689 bytes | 10 |
| medium | Large Javascript Payload | package/meta/16.1.0/jetauditmeta.js | 3000687 bytes | 10 |
| medium | Large Javascript Payload | package/meta/17.0.0/jetauditmeta.js | 3050079 bytes | 10 |
| medium | Large Javascript Payload | package/meta/17.1.0/jetauditmeta.js | 3069863 bytes | 10 |
| medium | Large Javascript Payload | package/meta/18.0.0/jetauditmeta.js | 3102562 bytes | 10 |
| medium | Large Javascript Payload | package/meta/18.1.0/jetauditmeta.js | 3108496 bytes | 10 |
| medium | Large Javascript Payload | package/meta/19.0.0/jetauditmeta.js | 3178688 bytes | 10 |
| medium | Large Javascript Payload | package/meta/8.3.0/jetauditmeta.js | 2877637 bytes | 10 |
Manifest
Package metadata
Scripts10
buildnode ./build/build.jsbuildmetanode ./build/metabuild.js --showmetadelnode ./build/metadel.jsstartnode jaf.js -etestnode ./tests/test.js -ut -c ./tests/config/config_base.jsontest-cx-commonnode ./tests/scripts/testCaseAudit cx-common basetest-jetwcmocha ./tests/jetwc-tests/*.test.js --timeout 5000test-jetwcomocha ./tests/jetwco-tests/*.test.js --timeout 20000test-oj-samplenode ./tests/scripts/testCaseAudit oj-sample basetest-spectranode ./tests/scripts/testCaseAudit spectra-components base
Dependencies25
@babel/generator^7.19.5@babel/parser^7.19.4@typescript-eslint/typescript-estree8.31.0adm-zip0.4.16ajv8.12.0ast-traverse^0.1.1astring^1.8.3css-tree3.1.0decache4.6.0es-abstract1.20.5espree9.5.2glob7.1.6htmlparser28.0.1line-column^1.0.2markdown-it12.2.0md52.3.0mock-http-server1.4.2parserlib1.1.1readline-sync^1.4.10really-relaxed-json0.2.24semver6.3.0strip-json-comments2.0.1sync-request6.1.0tmp0.0.33typescript5.8.3