Package evidence

@streamplace/[email protected]

Remote Dependency Spec: dependencies.react-native-webrtc="git+https://github.com/streamplace/react-native-webrtc.git#74fa32266e3a2fee180f5e01bb8753af2a92d9d3"

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Versions published: 60Established · −30% score
First published: Jun 2025
Publisher: streamplace-robot

Effective trust discount applied: −30% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Review before promoting

Mixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.

Inspect tarball Add to CI gate

Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@streamplace/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@streamplace/[email protected]"],"fail_on":"review"}'

Publisherstreamplace-robot

Artifact bytes1,088,653

Previous version0.10.21

Published2026-06-02T22:14:47.797Z

SHA-25652d357dd4d460aae7d1992682389393f3bbaa09e8010831c4a4695699d7fb128

Why flagged

What the scanner saw

Remote Dependency Spec: dependencies.react-native-webrtc="git+https://github.com/streamplace/react-native-webrtc.git#74fa32266e3a2fee180f5e01bb8753af2a92d9d3"

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

review

10d agoLast checked

reviewRisk

8Score

0.10.38Version

Status history (1 event)

new → available10d ago · risk review · score 8 · status changed

Evidence

Static findings

1 static · 0 from release diff · showing high-signal first.

Severity	Kind	Path	Detail	Points
medium	Remote Dependency Spec	package.json	dependencies.react-native-webrtc="git+https://github.com/streamplace/react-native-webrtc.git#74fa32266e3a2fee180f5e01bb8753af2a92d9d3"	12

Manifest

Package metadata

Scripts6

buildtsc
i18n:compilenode scripts/compile-translations.js
i18n:extracti18next-cli extract && node scripts/migrate-i18n.js
i18n:watchnodemon --watch 'locales/**/*.ftl' --exec 'node scripts/compile-translations.js'
preparenode scripts/compile-translations.js && tsc
starttsc --watch --preserveWatchOutput

Dependencies38

@atproto/api^0.19.3
@atproto/crypto^0.4.5
@emoji-mart/react^1.1.1
@fluent/bundle^0.19.1
@fluent/langneg^0.7.0
@fluent/react^0.15.2
@gorhom/bottom-sheet^5.2.8
@radix-ui/react-dropdown-menu^2.1.16
@rn-primitives/dropdown-menu^1.2.0
@rn-primitives/portal^1.3.0
@rn-primitives/slider^1.2.0
class-variance-authority^0.6.1
expo-image^55.0.6
expo-keep-awake^55.0.4
expo-screen-orientation^55.0.8
expo-sqlite^55.0.10
expo-video^55.0.10
graphemer^1.4.0
hls.js^1.5.17
i18next^25.4.2
i18next-browser-languagedetector^8.2.0
i18next-fluent^2.0.0
i18next-http-backend^3.0.2
i18next-resources-to-backend^1.2.1
intl-pluralrules^2.0.1
lucide-react-native^0.562.0
react-i18next^15.7.3
react-native^0.83.2
react-native-edge-to-edge^1.6.2
react-native-gesture-handler^2.30.0
…and 8 more.