Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Weekly downloads
- 3,404Niche · −30% score
- Versions published
- 213Mature · −50% score
- First published
- Jan 2019
- Publisher
- benjamin.stary
Effective trust discount applied: −50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.
Recommended action
Looks clean — keep monitoringNo high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["@orangesk/[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["@orangesk/[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
No high-signal static finding in the saved report.
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk low · score 0 · status changed
Evidence
Static findings
No findings stored for this release.
Manifest
Package metadata
Scripts26
buildnpm run build:scss-exports && npm run build:search-index && next build && npm run spritebuild:bundlenpm run build:scss-exports && pnpm exec rollup -c && npm run build:megamenu && npm run build:footerbuild:footernpm run build:scss-exports && pnpm exec rollup -c rollup.footer.config.mjsbuild:megamenunpm run build:scss-exports && pnpm exec rollup -c rollup.megamenu.config.mjsbuild:scss-exportsnode scripts/build-scss-exports.jsbuild:search-indexnode scripts/mdx-search-index.jscheckbiome check .check:fixbiome check --write .coveragevitest run --coveragedevnpm run build:scss-exports && npm run build:search-index && next devdev:footernpm run build:scss-exports && pnpm exec rollup -c rollup.footer.config.mjs --watchdev:megamenunpm run build:scss-exports && pnpm exec rollup -c rollup.megamenu.config.mjs --watchformatbiome format --write . && prettier --write '**/*.{mdx,scss}'format:biomebiome format --write .format:prettierprettier --write '**/*.{mdx,scss}'imports:fixbiome check --write --only=assist/source/organizeImports .lintbiome lint .lint:fixbiome lint --write .lint:fix:unsafebiome lint --write --unsafe .preparehuskyspritesvg-sprite --symbol --symbol-dest public --symbol-sprite sprite.svg src/assets/icons/*.svgstartnext starttestvitesttest:uivitest --uitest:visual:dockerdocker run --rm --init --ipc=host -e CI=1 -v "$PWD":/work -w /work mcr.microsoft.com/playwright:v1.58.2-noble bash -lc "corepack enable && pnpm install --frozen-lockfile --ignore-scripts && pnpm run test:visual"test:visual:docker:updatedocker run --rm --init --ipc=host -e CI=1 -v "$PWD":/work -w /work mcr.microsoft.com/playwright:v1.58.2-noble bash -lc "corepack enable && pnpm install --frozen-lockfile --ignore-scripts && pnpm run test:visual:update"
Dependencies32
@cloudfour/transition-hidden-element^2.0.2@mdx-js/loader^3.1.1@mdx-js/react^3.1.1@next/mdx16.2.7@orangesk/accessible-autocomplete3.2.2@popperjs/core^2.11.8@types/mdx^2.0.13a11y-dialog^8.1.5classnames^2.5.1daypickr^0.3.4diff2html^3.4.56dompurify^3.4.7html-react-parser6.1.3lorem-ipsum3.0.0minisearch7.2.0next16.2.7normalize.css^8.0.1nouislider^15.8.1prism-react-renderer^2.4.1query-string^9.4.0react^19.2.7react-dom^19.2.7react-element-to-jsx-string^17.0.1react-is^19.2.7rehype-autolink-headings^7.1.0rehype-slug^6.0.0remark-gemoji^8.0.0remark-gfm^4.0.1swiper12.2.0tabbable^6.4.0- …and 2 more.