PkgRadar

Package evidence

@paypal/[email protected]

no findings

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Versions published
3
First published
Apr 2020
Publisher
ravishekhar00

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@paypal/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@paypal/[email protected]"],"fail_on":"review"}'
Publisherravishekhar00
Artifact bytes985,316
Previous version2.0.237-alpha.0
Published2020-05-01T13:29:28.874Z
SHA-256281cc12ffed7635ff153803d15c2ab6e836bf3a8a10e4cf7965fd090b30e2b9e

Why flagged

What the scanner saw

No high-signal static finding in the saved report.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low
Last checked
lowRisk
0Score
2.0.249-alpha.0Version
Status history (1 event)
  1. newavailable · risk low · score 0 · status changed

Evidence

Static findings

No findings stored for this release.

Manifest

Package metadata

Scripts21
  • babelbabel server --ignore=node_modules --out-dir server && babel webpack.config.js globals.js --out-dir .
  • buildnpm run test && npm run webpack
  • cleanrimraf dist coverage
  • coverecho no-cover
  • debugcross-env NODE_ENV=debug
  • flowflow
  • flow-typedrm -rf ./flow-typed && flow-typed install --ignoreDeps peer && flow-typed install jest@22 mocha@4 && flow-typed install [email protected] && sed -i -e 's/http$IncomingMessage,/http$IncomingMessage<>,/g' ./flow-typed/npm/express_v4.16.x.js
  • jestjest test/server --collectCoverage --collectCoverageFrom='server/' --env=node --no-cache --silent
  • karmacross-env NODE_ENV=test babel-node --plugins=transform-es2015-modules-commonjs ./node_modules/.bin/karma start
  • linteslint --ext .js --ext .jsx src/ server/ test/ *.js
  • postpublishgit clean -f && git checkout .
  • prepublishin-publish && npm run babel || not-in-publish
  • reinstallrimraf flow-typed && rimraf node_modules && npm install && flow-typed install
  • release./publish.sh
  • release:major./publish.sh major
  • release:minor./publish.sh minor
  • release:patch./publish.sh patch
  • setupnpm install && npm run flow-typed
  • startbabel-node ./server/devServer
  • testif [ ! $SKIP_TEST ]; then npm run lint && npm run flow-typed && npm run flow check && npm run karma && npm run jest; fi;
  • webpackbabel-node --plugins=transform-es2015-modules-commonjs ./node_modules/.bin/webpack --progress
Dependencies15
  • @paypal/checkout-components^5.0.30
  • @paypal/common-components^1.0.5
  • @paypal/sdk-client^4.0.27
  • @paypal/sdk-constants^1.0.27
  • @paypal/sdk-logos^1.0.17
  • beaver-logger^4.0.12
  • belter^1.0.19
  • cross-domain-utils^2.0.16
  • grabthar^3
  • jsx-pragmatic^2
  • preact^10
  • preact-render-to-string^5.1.4
  • strict-merge^1.0.1
  • typed-graphqlify^2.2.3
  • zalgo-promise^1.0.28