PkgRadar

Package evidence

@progress/[email protected]

no findings

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads
55,602Mainstream · −50% score
Versions published
2,012Mature · −50% score
First published
Jun 2017
Publisher
progress

Effective trust discount applied: 50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@progress/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@progress/[email protected]"],"fail_on":"review"}'
Publisherprogress
Artifact bytes2,418,086
Previous version8.1.1-dev.0
Published2024-07-15T00:52:08.171Z
SHA-25689aae7f98cfebb64d1cf1dde7e64bd9ea4a255ab438888649c055c2e53658bc0

Why flagged

What the scanner saw

No high-signal static finding in the saved report.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low
Last checked
lowRisk
0Score
8.2.0-dev.0Version
Status history (1 event)
  1. newavailable · risk low · score 0 · status changed

Evidence

Static findings

No findings stored for this release.

Manifest

Package metadata

Scripts13
  • buildsass-build
  • docsnode ../../scripts/sassdoc.js
  • nuget-packjq '.version' package.json | xargs nuget pack package.nuspec -Version
  • nuget-pushnuget push *.nupkg -ApiKey $NUGET_API_KEY -Source $NUGET_FEED -SkipDuplicate
  • postpublishecho 'no postpublish for bootstrap theme'
  • predocsnpm run resolve-variables
  • prepublishOnlynode ../../scripts/themes-prepublish.js
  • resolve-variablesnode ../../scripts/resolve-variables.js
  • sasssass-build
  • sass:flatgulp dist:flat && sass-build -c sass-flat.config.js
  • sass:standalonesass-build -c sass-standalone.config.js
  • sass:swatchesgulp dist:swatches && sass-build -c sass-swatches.config.js
  • watchnode ../../scripts/watch-theme
Dependencies5
  • @progress/kendo-svg-icons3.0.0
  • @progress/kendo-theme-core8.2.0-dev.0
  • @progress/kendo-theme-default8.2.0-dev.0
  • @progress/kendo-theme-utils8.2.0-dev.0
  • bootstrap5.2.1