Package evidence

@skbkontur/[email protected]

no findings

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Versions published: 814Mature · −50% score
First published: Jun 2017
Publisher: skbkontur-bot

Effective trust discount applied: −50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarball Add to CI gate

Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@skbkontur/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@skbkontur/[email protected]"],"fail_on":"review"}'

Publisherskbkontur-bot

Artifact bytes1,324,895

Previous version6.0.7

Published2026-06-10T08:45:27.741Z

SHA-2565a69973bdb82b682356ef873133d53348316b46fe1b65c89bfdb8768dde28212

Why flagged

What the scanner saw

No high-signal static finding in the saved report.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low

2d agoLast checked

lowRisk

0Score

6.0.8Version

Status history (1 event)

new → available2d ago · risk low · score 0 · status changed

Evidence

Static findings

No findings stored for this release.

Manifest

Package metadata

Scripts31

buildrun-s build:* build:lint:*
build:copy-filescopyfiles package.json README.md CHANGELOG.md LICENSE typings/* build
build:exportsnode ./scripts/exports.ts
build:lint:attwattw --ignore-rules cjs-resolves-to-esm --quiet --pack ./build
build:lint:publintpublint --pack npm ./build
build:tsctsc --outDir build -p prod.tsconfig.json
cleangit clean -fdxqe node_modules
creeveycross-env BABEL_ENV=cjs creevey test -c .creevey/config.mts --storybook-port=6060
creevey:cistart-server-and-test storybook:serve http://localhost:6060 "run-s verify:storybook-react-runtime creevey"
creevey:uiyarn creevey --ui
creevey:updatecross-env BABEL_ENV=cjs creevey -c .creevey/config.mts --update
fixrun-s -c fix:*
fix:oxfmtoxfmt .
fix:oxlintoxlint --fix .
lintrun-p -c lint:*
lint:oxfmtoxfmt --check .
lint:oxlintoxlint .
lint:tsctsc --noEmit --diagnostics
prebuildyarn rimraf build
prereleaseyarn build
releasenpm publish ./build --workspaces=false
release:unstableyarn release --tag=unstable
storybookstorybook dev -p 6060
storybook:buildcross-env STORYBOOK_REACT_UI_TEST=true storybook build -o .storybook/build --quiet
storybook:docscross-env STORYBOOK_REACT_UI_DOCS=true storybook dev --docs -p 6061 -c .storybook-docs
storybook:docs-buildcross-env STORYBOOK_REACT_UI_DOCS=true storybook build --docs -c .storybook-docs -o .storybook/build --quiet
storybook:serveyarn serve -l 6060 .storybook/build
storybook:testcross-env STORYBOOK_REACT_UI_TEST=true storybook dev --ci -p 6060
testvitest run
test:watchvitest
…and 1 more.

Dependencies20

@babel/runtime^7.24.6
@emotion/css^11.11.2
@skbkontur/colors^2.1.5
@skbkontur/react-imask^7.6.5
eventemitter3^5.0.1
focus-lock^1.3.5
invariant^2.2.4
lodash.debounce^4.0.8
lodash.isequal^4.5.0
lodash.throttle^4.1.1
normalize-wheel^1.0.1
react-clientside-effect^1.2.6
react-docgen7.0.0
react-transition-group^4.4.5
shallowequal^1.1.0
stylis-plugin-extra-scope^0.3.0
tabbable^6.2.0
use-callback-ref^1.3.2
use-sidecar^1.1.2
warning^4.0.3