Package evidence
@stoplight/[email protected]
Remote Dependency Spec: dependencies.httpsnippet="github:stoplightio/httpsnippet#master"
Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Versions published: 591 (Mature · −50% score)
- First published: Jul 2019
- Publisher: marbemac
Effective trust discount applied: −50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.
Recommended action
Review before promoting
Mixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.
Block this release in CI
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
```bash
curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@stoplight/[email protected]"],"fail_on":"review"}'
```
GitHub Actions step:
```yaml
- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@stoplight/[email protected]"],"fail_on":"review"}'
```
Why flagged
What the scanner saw
Remote Dependency Spec: dependencies.httpsnippet="github:stoplightio/httpsnippet#master"
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk review · score 3 · status changed
Evidence
Static findings
4 static · 0 from release diff · showing high-signal first.
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| medium | Remote Dependency Spec | package.json | dependencies.httpsnippet="github:stoplightio/httpsnippet#master" | 12 |
| low | Large Javascript Payload | package/docs-auto/sb_dll/storybook_ui_dll.js | 2459444 bytes | 0 |
| low | Large Javascript Payload | package/docs-auto/vendors~main.83a3d7ad4a14a3217545.bundle.js | 11909277 bytes | 0 |
| low | Large Javascript Payload | package/docs-auto/vendors~main.e7165a885dfcb92c1ba3.bundle.js | 2805424 bytes | 0 |
Manifest
Package metadata
Scripts (18)
| Script | Command |
|---|---|
| build | `yarn build.components` |
| build.components | `sl-scripts build` |
| build.docs | `build-storybook -c .storybook -o docs-auto` |
| build.styles | `copyfiles -u 1 "./src/styles/**/*" ./dist` |
| commit | `git-cz` |
| lint | `yarn lint.prod --cache` |
| lint.fix | `yarn lint --fix` |
| lint.prod | `eslint 'src/**/*.{ts,tsx}'` |
| postbuild | `yarn build.styles` |
| release | `sl-scripts release` |
| release.docs | `sl-scripts release:docs` |
| release.dryRun | `sl-scripts release --dry-run --debug` |
| storybook | `start-storybook -p 9001` |
| test | `jest` |
| test.prod | `yarn lint && yarn test --coverage --maxWorkers=2` |
| test.update | `yarn test --updateSnapshot` |
| test.watch | `yarn test --watch` |
| type-check | `tsc --noEmit` |
Dependencies (29)
| Package | Spec |
|---|---|
| @stoplight/json | ^3.8.3 |
| @stoplight/json-ref-resolver | ^3.1.0 |
| @stoplight/json-schema-viewer | ^3.0.0-beta.28 |
| @stoplight/markdown | ^2.9.0 |
| @stoplight/markdown-viewer | ^4.2.2 |
| @stoplight/path | ^1.3.1 |
| @stoplight/react-error-boundary | ^1.1.0 |
| @stoplight/tree-list | ^5.0.3 |
| @stoplight/types | ^11.9.0 |
| @stoplight/ui-kit | ^3.0.0-beta.20 |
| @stoplight/yaml | ^4.2.1 |
| axios | ^0.19.2 |
| classnames | ^2.2.6 |
| copy-to-clipboard | ^3.3.1 |
| fast-text-encoding | ^1.0.1 |
| fp-ts | ^2.5.3 |
| graphql | ^14 |
| httpsnippet | github:stoplightio/httpsnippet#master |
| lodash | ^4.17.19 |
| mobx-react-lite | ^1.5.2 |
| object-hash | ^2.0.3 |
| openapi-sampler | ^1.0.0-beta.15 |
| parse-prefer-header | ^1.0.0 |
| react-error-boundary | ^1.2.5 |
| tslib | ^1.12.0 |
| type-is | ^1.6.18 |
| unist-util-select | ^3.0.1 |
| urijs | ^1.19.2 |
| urql | ^1.9.6 |