Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Weekly downloads
- 1,189Niche · −30% score
- Versions published
- 118Mature · −50% score
- First published
- May 2022
- Publisher
- GitHub ActionsTrusted automation · −70% score
Effective trust discount applied: −70% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.
Recommended action
Review before promotingMixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["@rancher/[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["@rancher/[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
Credential file access: matched "KUBECONFIG"
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk review · score 10 · status changed
Evidence
Static findings
8 static · 0 from release diff · showing high-signal first.
No high-signal findings — see all findings below.
Show all 8 findings (low-signal and informational)
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| low | Credential file access | package/models/management.cattle.io.cluster.js | matched "KUBECONFIG" | 5 |
| low | Credential file access | package/config/product/manager.js | matched "KUBECONFIG" | 5 |
| low | Credential file access | package/models/provisioning.cattle.io.cluster.js | matched "KubeConfig" | 5 |
| low | Credential file access | package/config/types.js | matched "kubeconfig" | 5 |
| low | Credential file access | package/models/ext.cattle.io.kubeconfig.ts | matched "kubeconfig" | 5 |
| low | Credential file access | package/config/settings.ts | matched "kubeconfig" | 5 |
| low | Credential file access | package/assets/translations/en-us.yaml | matched "kubeconfig" | 3 |
| low | Credential file access | package/assets/translations/zh-hans.yaml | matched "kubeconfig" | 3 |
Manifest
Package metadata
Scripts12
analyze./node_modules/.bin/vue-cli-service build --reportbuild./node_modules/.bin/vue-cli-service buildclean./scripts/cleancy:opencypress opency:runcypress rundev./node_modules/.bin/vue-cli-service deve2e:devstart-server-and-test dev https://localhost:8005 cy:opene2e:preNODE_ENV=dev yarn builde2e:runNODE_ENV=dev START_SERVER_AND_TEST_INSECURE=1 start-server-and-test start https://localhost:8005/ cy:runlint./node_modules/.bin/eslint --max-warnings 0 --ext .ts,.js,.vue .start./node_modules/.bin/vue-cli-service starttest./node_modules/.bin/nyc ava --serial --verbose
Dependencies121
@aws-sdk/client-ec23.863.0@aws-sdk/client-eks3.879.0@aws-sdk/client-iam3.863.0@aws-sdk/client-kms3.863.0@babel/plugin-proposal-optional-chaining7.21.0@babel/plugin-proposal-private-methods7.18.6@babel/plugin-proposal-private-property-in-object7.14.5@babel/preset-typescript7.16.7@novnc/novnc1.2.0@popperjs/core2.11.8@rancher/icons2.0.55@smithy/fetch-http-handler5.1.1@types/is-url1.2.30@types/node25.3.3@types/semver^7.5.8@typescript-eslint/eslint-plugin5.62.0@typescript-eslint/parser5.62.0@vue/cli-plugin-babel~5.0.0@vue/cli-plugin-typescript~5.0.0@vue/cli-service5.0.8@vue/test-utils2.4.6@vue/vue3-jest27.0.0add2.0.6ansi_up5.0.0axios1.15.0axios-retry3.1.9babel-eslint10.1.0babel-plugin-module-resolver5.0.2babel-preset-vue2.0.2cache-loader4.1.0- …and 91 more.