Package evidence

@patternfly/[email protected]

Install-time lifecycle script: postinstall="node src/scripts/install.js"

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads: 7
Versions published: 3
First published: Apr 2018
Publisher: patternfly-build

Recommended action

Review before promoting

Mixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.

Inspect tarball Add to CI gate

Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@patternfly/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@patternfly/[email protected]"],"fail_on":"review"}'

Publisherpatternfly-build

Artifact bytes143,287

Previous versionnone

Published2018-04-04T22:14:54.207Z

SHA-256ce88d085c415ab5f28f5d13e6a28356cd33b0b50dcc1e50f5467d5f50c47ef7d

Why flagged

What the scanner saw

Install-time lifecycle script: postinstall="node src/scripts/install.js"

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

review

4h agoLast checked

reviewRisk

5Score

0.0.0-semantically-releasedVersion

Status history (1 event)

new → available4h ago · risk review · score 5 · status changed

Evidence

Static findings

1 static · 0 from release diff · showing high-signal first.

No high-signal findings — see all findings below.

Show all 1 findings (low-signal and informational)

Severity	Kind	Path	Detail	Points
low	Install-time lifecycle script	package.json	postinstall="node src/scripts/install.js"	5

Manifest

Package metadata

Scripts25

buildnpm-run-all --serial remove-dist ts:lint build:library build:demo copy-examples:demo
build:demowebpack --config config/webpack.demo.js --progress --profile --bail
build:librarygulp build
bundlewebpack --config config/webpack.prod.js --progress --profile --bail
cleannpm cache clean && npm run rimraf -- node_modules doc coverage dist distwatch bundles
cleanuprimraf dist/package.json dist/bundles dist/src dist/index.d.ts dist/index.metadata.json dist/index.js dist/index.js.map dist/LICENSE dist/README.md
commitgit-cz
copy-examples:demogulp copy-examples
lintstylelint 'src/**/*.scss' --config ./.stylelintrc --fix
minifyuglifyjs dist/bundles/ngx-widgets.js --screw-ie8 --compress --mangle --comments --output dist/bundles/patternfly-ng.min.js
postinstallnode src/scripts/install.js
publish-travisnode_modules/patternfly-eng-publish/script/publish-ghpages.sh -t dist-demo
reinstallnpm run clean && npm install
remove-distrimraf build dist dist-watch dist-demo
rimrafrimraf
semantic-releasesemantic-release pre && copy package.json npm-shrinkwrap.json dist && npm publish dist && semantic-release post
semantic-release-postsemantic-release post
semantic-release-presemantic-release pre
start:demonpm run webpack-dev-server -- --config config/webpack.demo.js --progress --host 0.0.0.0 --port 8001 --profile --watch --content-base dist-demo
testkarma start
test:debugkarma --browsers Chrome --no-single-run start
transpilegulp transpile
ts:linttslint -p tslint.json 'index.ts' 'src/**/*.ts'
ts:lint:fixnpm run ts:lint -- --fix
webpack-dev-servernode --max_old_space_size=4096 node_modules/webpack-dev-server/bin/webpack-dev-server.js

Dependencies2

@patternfly/patternfly-next-workshop0.0.4
lodash^4.17.4