PkgRadar

Package evidence

@sap/[email protected]

Invalid Package Json: package.json is not valid JSON

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads: 105,578 (Ubiquitous · −70% score)
Versions published: 140 (Mature · −50% score)
First published: Feb 2021
Publisher: sap_extncrepos

Effective trust discount applied: 70% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Review before promoting

Mixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.

Block this release in CI

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@sap/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@sap/[email protected]"],"fail_on":"review"}'

Artifact bytes: 2,793,087
Previous version: 1.22.0
Published: 2026-04-27T10:20:40.581Z
SHA-256: 2fab0de21788150442336ad6524e0308d6c2fd6ae2d8652c12a4a374d3b9521e

Why flagged

What the scanner saw

Invalid Package Json: package.json is not valid JSON

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

review
Last checked
Risk: review
Score: 6
Version: 1.23.0
Status history (1 event)
  1. new available · risk review · score 6 · status changed

Evidence

Static findings

3 static · 0 from release diff · showing high-signal first.

Severity | Kind | Path | Detail | Points
medium | Invalid Package Json | package/generators/generator-adp/templates/project/package.json | package.json is not valid JSON | 10
medium | Invalid Package Json | package/generators/ui5-application-writer/templates/core/package.json | package.json is not valid JSON | 10
low | Large Javascript Payload | package/generators/commonlibs/index.js | 6680360 bytes | 0

Manifest

Package metadata

Scripts: 31
  • build → npm-run-all -l info:node clean build:webpack build:test
  • build:all → npm-run-all build:dev
  • build:dev → tsc --build ./ --pretty
  • build:fast → yarn clean && yarn lerna run --concurrency 1 --no-bail --stream build && yarn build:dev
  • build:test → gulp mkdirp --dirs reports/test,test/test-output && copyfiles --flat -V test/*.css reports/test
  • build:webpack → cross-env NODE_OPTIONS='--max-old-space-size=3072' webpack --stats-error-details --config webpack.prod.js
  • bundle → npm-run-all build tgz:package
  • bundle:dev → npm-run-all -l -s build:dev bundle:devconfig tgz:package
  • bundle:devconfig → webpack --config webpack.dev.js
  • clean → rimraf --glob reports test/test-output
  • clean:dist → rimraf --glob dist generators templates *.tsbuildinfo .webpack_cache
  • clean:webpack_cache → rimraf .webpack_cache
  • format:fix → prettier --write --loglevel silent --ignore-path ../../../.prettierignore
  • format:fix:all → prettier --write '**/*.{css,scss,html,js,json,ts,tsx,yaml,yml}' '!**/{out,typings,node_modules}/**' '!**/*.{svg,png,xml}' '!resources/templates/**' --ignore-path ../../../.prettierignore
  • generate:test:apps → jest --ci --forceExit --config=jest-no-coverage-config.js ./test/tools/generate-apps.test.ts
  • info:node → echo 'Node Version:' && node -v
  • lint → eslint .
  • lint:fix → eslint --fix
  • lint:fix:all → eslint . --fix
  • lint:report → eslint . -f multiple
  • lint:summary → eslint . -f summary
  • madge → madge --warning --circular --exclude "^(templates|generators|test/integration/mock-service/expected-output|test/integration/reuse-lib/expected-output|test/test-output)" --extensions ts ./
  • prepack → rimraf --glob node_modules/@sap/*/node_modules/@*
  • test → jest --forceExit --ci --config=jest.config.js
  • test:deployment → jest --ci --forceExit --config=jest-deployment.config.js
  • test:e2e:fiori → cross-env SAP_UX_FIORI_TOOLS_DISABLE_TELEMETRY=true jest --config=jest-e2e.config.js --maxConcurrency=3
  • test:integration → cross-env SAP_UX_FIORI_TOOLS_DISABLE_TELEMETRY=true FIORI_TOOLS_DISABLE_SECURE_STORE=true jest --ci --forceExit --config=jest-integration.config.js
  • test:integration:live → cross-env SAP_UX_FIORI_TOOLS_DISABLE_TELEMETRY=true FIORI_TOOLS_DISABLE_SECURE_STORE=true jest --ci --forceExit --config=jest-integration-live.config.js --maxConcurrency=4
  • test:integration:live:local → cross-env SAP_UX_FIORI_TOOLS_DISABLE_TELEMETRY=true FIORI_TOOLS_DISABLE_SECURE_STORE=true live_snapshots=true jest --forceExit --config=jest-integration-live.config.js --maxConcurrency=4
  • tgz:package → npm pack
  • …and 1 more.
Optional dependencies: 1
  • @zowe/secrets-for-zowe-sdk 8.29.4