Package evidence

@postermywall/[email protected]

Remote Dependency Spec: devDependencies.babel-plugin-transform-imports="git+https://[email protected]/fabricjs/babel-plugin-transform-imports.git"

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads: 345
Versions published: 60Mature · −50% score
First published: Jun 2024
Publisher: azmeer250

Effective trust discount applied: −50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Review before promoting

Mixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.

Inspect tarball Add to CI gate

Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@postermywall/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@postermywall/[email protected]"],"fail_on":"review"}'

Publisherazmeer250

Artifact bytes6,405,444

Previous version7.1.0-pmw-58

Published2026-05-05T06:55:59.794Z

SHA-256bbd3136a02a16dc45f4df858e3d6bb6bb2067e7a0f34340ebad5951182301285

Why flagged

What the scanner saw

Remote Dependency Spec: devDependencies.babel-plugin-transform-imports="git+https://[email protected]/fabricjs/babel-plugin-transform-imports.git"

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

review

17h agoLast checked

reviewRisk

4Score

7.1.0-pmw-59Version

Status history (1 event)

new → available17h ago · risk review · score 4 · status changed

Evidence

Static findings

1 static · 0 from release diff · showing high-signal first.

Severity	Kind	Path	Detail	Points
medium	Remote Dependency Spec	package.json	devDependencies.babel-plugin-transform-imports="git+https://[email protected]/fabricjs/babel-plugin-transform-imports.git"	8

Manifest

Package metadata

Scripts25

buildnpm run cli -- build
build:fastnpm run build -- -f
clinode ./scripts/index.mjs
coverage:mergenyc merge coveragefiles .nyc_output/merged-coverage.json
coverage:reportnyc report --skip-full=true --reporter=lcov --reporter=text --reporter=text-summary
coverage:report:cinyc report --reporter=text-summary
devnpm run cli -- dev
docstypedoc
exportnpm run cli -- website export
linteslint src extensions
local-serverserve ./ -l tcp://localhost:8080
playwright:typechecktsc -p ./e2e/tsconfig.json --noEmit
prettier:checkprettier --check .
prettier:writeprettier --write .
releasenpm publish --access public --tag pmw
sandboxnpm run sandboxscript -- sandbox
sandboxscriptnode ./scripts/sandbox.mjs
startnpm run sandboxscript -- start
test:e2enpm run playwright:typecheck && playwright test
test:vitestvitest --run --project unit-node
test:vitest:allvitest --run
test:vitest:chromiumvitest --run --project unit-chromium
test:vitest:coveragevitest --run --coverage --project unit-node
test:vitest:coverage:watchnpm run test:vitest --coverage=true
test:vitest:firefoxvitest --run --project unit-firefox

Dependencies1

westures^1.1.1

Optional dependencies2

canvas^3.2.0
jsdom^26.1.0