Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Versions published
- 2,983Mature · −50% score
- First published
- Oct 2018
- Publisher
- news-tools
Effective trust discount applied: −50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.
Recommended action
Looks clean — keep monitoringNo high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["@times-components/[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["@times-components/[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
No high-signal static finding in the saved report.
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk low · score 0 · status changed
Evidence
Static findings
No findings stored for this release.
Manifest
Package metadata
Scripts16
bundle:devyarn cleanup-dist && webpack --config=webpack.config.jsbundle:prodyarn cleanup-dist && NODE_ENV=production webpack --config=webpack.config.js -pbundle:profileyarn cleanup-dist && NODE_ENV=production webpack --config=webpack.config.js --profile --json > dist/stats.jsoncleanup-distrm -rf distdepcheckdepcheck --ignores='cypress,axe-core,depcheck,eslint,graphql,prettier,wait-on,webpack*' --skip-missingfmteslint . --fix && prettier --write '**/*.*'linteslint . && yarn prettier:diff && yarn depcheckprepublishOnlyyarn bundle:prodprettier:diffprettier --list-different '**/*.*'startwebpack --config=src/standalone-renderer/webpack.config.js && node src/standalone-renderer/app.jsstart:testserverGRAPHQL_ENDPOINT=http://localhost:4000/graphql SPOT_ID=5p0t_1m_1d yarn start & wait-on tcp:3000stop:testserverkill $(lsof -t -i:3000)test:integrationyarn bundle:prod && yarn start:testserver && cypress run; exitCode=$?; yarn stop:testserver; exit $exitCodetest:integration:ciyarn bundle:prod && yarn start:testserver && circleci tests glob './__tests__/integration/**.js' | circleci tests run --command="tr ' ' ',' | xargs npx cypress run --reporter cypress-circleci-reporter --spec " --verbose --split-by=timings; exitCode=$?; yarn stop:testserver; exit $exitCodetest:integration:debugyarn start:testserver && DEBUG=cypress:* cypress open; exitCode=$?; yarn stop:testserver; exit $exitCodetest:integration:updateyarn bundle:prod && yarn start:testserver && cypress run --env updateSnapshots=true; exitCode=$?; yarn stop:testserver; exit $exitCode
Dependencies23
@times-components/article^7.21.71-08aad5bf3758e1ac0dbd3f3365398abf6ca101aa.1+08aad5bf37@times-components/author-profile^6.23.51-08aad5bf3758e1ac0dbd3f3365398abf6ca101aa.1+08aad5bf37@times-components/context^1.38.0@times-components/provider^1.48.40@times-components/schema^0.7.5@times-components/tealium^1.15.3@times-components/ts-styleguide^1.56.41@times-components/utils^6.45.0apollo-cache-inmemory1.5.1apollo-client2.5.1apollo-link1.2.4apollo-link-error1.1.2apollo-link-http1.5.14apollo-link-persisted-queries0.2.2cypress^13.14.0cypress-wait-until1.7.2node-fetch2.6.7react16.9.0react-apollo2.5.5react-dom16.9.0react-helmet-async1.0.2styled-components4.3.2unfetch^3.0.0