Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Versions published
- 4,515Mature · −50% score
- First published
- Apr 2017
- Publisher
- npn_ci_wise
Effective trust discount applied: −50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.
Recommended action
Looks clean — keep monitoringNo high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["@transferwise/[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["@transferwise/[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
No high-signal static finding in the saved report.
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk low · score 0 · status changed
Evidence
Static findings
No findings stored for this release.
Manifest
Package metadata
Scripts28
buildnpm-run-all build:*build:cleanrm -rf lib buildbuild:copy-csscpx 'src/main.css' build/ & cpx 'src/**/*.css' build/styles/build:copy-filescpx 'src/**/!(db)/*.{json,svg}' buildbuild:copy-langcpx 'src/i18n/*.json' build/i18n && cpx 'src/i18n/index.js' build/i18nbuild:crowdin-source-fileformatjs extract 'src/**/*.messages.+(js|ts|tsx)' --out-file src/i18n/en.json --format simple && prettier --write src/i18n/*.jsonbuild:css-maingulp compileLess --dest=srcbuild:css-utilsnpm-run-all build:css-utils:*build:css-utils:compilegulp compileLess --src='src/styles/less' --dest=build/styles/cssbuild:css-utils:copy-brand-assetscpx 'src/styles/img/**' build/styles/img && cpx 'src/styles/fonts/*' build/styles/fontsbuild:css-utils:copy-varsgulp copyPropsAndVars --src='src/styles/props' --dest='build/styles/props' && gulp copyPropsAndVars --src='src/styles/variables' --dest='build/styles/less'build:jsrollup --config --sourcemapdevnpm-run-all --parallel dev:* dev:*:* storybook:devdev:less:watchgulp watchLess --dest=srcdev:translationspnpm build:crowdin-source-filedocspnpm buildlintpnpm run lint:checklint:checknpm-run-all --parallel lint:check:*lint:check:formatprettier --check --ignore-path ../../.prettierignore . || echo "Prettier failed. Remove this to make this a failure"lint:check:js+tseslint .lint:check:typestsc --noEmit --emitDeclarationOnly falselint:fixnpm-run-all --serial lint:fix:*lint:fix:formatprettier --write --ignore-path ../../.prettierignore .lint:fix:js+tspnpm run lint:check:js+ts --fixstorybook:buildstorybook build --stats-jsonstorybook:devstorybook dev -p 4477testTZ=UTC jesttest:watchTZ=UTC jest --watch
Dependencies17
@babel/runtime^7.29.7@floating-ui/react^0.27.19@headlessui/react^2.2.10@react-aria/focus^3.22.1@react-aria/overlays^3.32.1@transferwise/formatting^2.14.1@transferwise/neptune-tokens^8.24.1@transferwise/neptune-validation^3.3.4clsx^2.1.1commonmark^0.31.2core-js^3.49.0framer-motion^12.40.0lodash.clamp^4.0.3lodash.debounce^4.0.8merge-props^6.0.0react-transition-group^4.4.5virtua^0.49.1