Package evidence
@rh-support/[email protected]
Remote Dependency Spec: dependencies.hydrajs="git+https://gitlab.cee.redhat.com/redhataccess/hydrajs.git#1.2.9"
Recommended action
Review before promotingMixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["@rh-support/[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["@rh-support/[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
Remote Dependency Spec: dependencies.hydrajs="git+https://gitlab.cee.redhat.com/redhataccess/hydrajs.git#1.2.9"
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk review · score 28 · status changed
Evidence
Static findings
4 static · 0 from release diff · showing high-signal first.
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| medium | Remote Dependency Spec | package.json | dependencies.hydrajs="git+https://gitlab.cee.redhat.com/redhataccess/hydrajs.git#1.2.9" | 12 |
| medium | Large Javascript Payload | package/dist/assets/vendors~index.c0d33d8c.chunk.js | 7414163 bytes | 10 |
Show all 4 findings (low-signal and informational)
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| medium | Remote Dependency Spec | package.json | dependencies.hydrajs="git+https://gitlab.cee.redhat.com/redhataccess/hydrajs.git#1.2.9" | 12 |
| medium | Large Javascript Payload | package/dist/assets/vendors~index.c0d33d8c.chunk.js | 7414163 bytes | 10 |
| low | Obfuscation | package/dist/assets/vendors~CaseManagement.3838b8b5.chunk.js | matched "\\u0300" | 3 |
| low | Obfuscation | package/dist/assets/vendors~polyfill.ae2927ec.chunk.js | matched "\\x20" | 3 |
Manifest
Package metadata
Scripts7
buildrm -rf dist && webpack --config ./node_modules/@rh-support/configs/apps/webpack-prod.js --bail --progress --profile && npm run build:serverbuild:devrm -rf dist && webpack --config ./node_modules/@rh-support/configs/apps/webpack-dev.js --bail --progress --profilebuild:servertsc public/server.ts --allowSyntheticDefaultImports true --esModuleInterop true --skipLibCheck true --outDir distgenerate-translationnpm run build && react-gettext-parser --output messages.pot 'dist/assets/*.js'prepublishOnlynpm run buildstartnode --max-http-header-size=32768 dist/server.jsstart:devwebpack-dev-server --config ./node_modules/@rh-support/configs/apps/webpack-dev.js --https --cert ./node_modules/@rh-support/configs/apps/server.cert --key ./node_modules/@rh-support/configs/apps/server.key --hot --inline & spandx -c ./node_modules/@rh-support/configs/apps/spandx.config.js
Dependencies33
@patternfly/patternfly^2.17.0@patternfly/pfe-accordion^1.0.0-prerelease.10@patternfly/pfelement^1.0.0-prerelease.14@patternfly/react-core^3.38.1@rh-support/api^0.0.30@rh-support/components^0.0.30@rh-support/troubleshoot^0.0.30@rh-support/types^0.0.30@rh-support/utils^0.0.30@webcomponents/webcomponentsjs^2.2.10abortcontroller-polyfill^1.3.0compression^1.7.4connect-history-api-fallback^1.6.0downshift^3.2.7es6-object-assign^1.1.0express^4.17.0hydrajsgit+https://gitlab.cee.redhat.com/redhataccess/hydrajs.git#1.2.9i18next^17.0.1js-markdown-extra^1.2.4jsuri^1.3.1lodash^4.17.15marked^0.7.0morgan^1.9.1promise-polyfill^8.1.0qs^6.7.0react^16.9.0react-bootstrap-typeahead^3.4.3react-dom^16.9.0react-dropzone^10.1.4react-i18next^10.11.0- …and 3 more.