Package evidence
@rankingcoach/[email protected]
Install-time lifecycle script: postinstall="pnpm vanguard:clean-assets"
Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Versions published
- 26
- First published
- Feb 2026
- Publisher
- rankingcoach-account
Recommended action
Review before promotingMixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["@rankingcoach/[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["@rankingcoach/[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
Install-time lifecycle script: postinstall="pnpm vanguard:clean-assets"
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk review · score 5 · status changed
Evidence
Static findings
2 static · 0 from release diff · showing high-signal first.
No high-signal findings — see all findings below.
Show all 2 findings (low-signal and informational)
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| low | Install-time lifecycle script | package.json | postinstall="pnpm vanguard:clean-assets" | 5 |
| low | Large Javascript Payload | package/dist-wordpress/index.js | 2462200 bytes | 0 |
Manifest
Package metadata
Scripts40
buildnode scripts/analyze-dynamic-imports.js && pnpm run build-lib && pnpm run build-wordpressbuild-apptsgo --project tsconfig.app.json && vite build --config vite.config.app.tsbuild-libvite build --config vite.config.lib.ts && node scripts/fix-dynamic-imports.js && echo 'default' > dist/.versionbuild-storybookstorybook buildbuild-wordpressvite build --config vite.config.wordpress.ts && node scripts/fix-dynamic-imports.js ; mv dist-wordpress/types/src/index-wordpress.d.ts dist-wordpress/types/index.d.ts ; echo 'wp' > dist-wordpress/.version && node scripts/cleanup-wordpress-assets.jsbuild-wordpress-no-cleanvite build --config vite.config.wordpress.tsbuild:analyzepnpm run build-lib && echo '📊 Bundle analysis saved to dist/bundle-analysis.html'cleanrm -rf distdeploy-packageif [ "$(git branch --show-current)" = "master" ]; then git push --follow-tags origin master && pnpm publish; else git push --follow-tags origin HEAD && pnpm publish --no-git-checks --tag "$(git branch --show-current)"; fidevvite --config vite.config.app.tsgenerate-dtsvite build --config vite.config.lib.tshuskyhusky installlinteslint srcpostinstallpnpm vanguard:clean-assetspreviewvite previewpublish-betapnpm publish --tag betapublish-tagsgit push --follow-tags origin masterreleaseif [ "$(git branch --show-current)" = "master" ]; then standard-version; else standard-version --prerelease "$(git branch --show-current)"; firelease-betastandard-version --prerelease betarelease-beta-dry-runstandard-version --prerelease beta --dry-runrelease-dry-runif [ "$(git branch --show-current)" = "master" ]; then standard-version --dry-run; else standard-version --prerelease "$(git branch --show-current)" --dry-run; fiserve-storybookpnpm run build-storybook && cd storybook-static && python3 -m http.server 8080storybookstorybook dev -p 6006testvitest run --project storybook --project spectest:uivitest --ui --coveragetest:ui:cvitest --coverage --project storybook-uitest:wvitest --project storybook --project spectest:w:cvitest --coverage --watch --project storybook --project specvanguardnode scripts/vanguard-cli.jsvanguard:analyze-dynamic-importsnode scripts/analyze-dynamic-imports.js- …and 10 more.
Dependencies7
@testing-library/react16.3.0date-fns2.30.0dom-serializer2.0.0domhandler5.0.3htmlparser28.0.2redux-logger3.0.6type-fest4.41.0