Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Weekly downloads
- 6,093Niche · −30% score
- Versions published
- 632Mature · −50% score
- First published
- Mar 2023
- Publisher
- umbraco-publish
Effective trust discount applied: −50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.
Recommended action
Looks clean — keep monitoringNo high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["@umbraco-cms/[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["@umbraco-cms/[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
No high-signal static finding in the saved report.
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk low · score 0 · status changed
Evidence
Static findings
No findings stored for this release.
Manifest
Package metadata
Scripts52
backoffice:test:e2enpx playwright testbuildtsc --project ./src/tsconfig.build.jsonbuild-storybooknpm run wc-analyze && storybook buildbuild:for:cmsnpm run build && npm run build:workspaces && npm run generate:manifest && npm run package:validate && node ./devops/build/copy-to-cms.jsbuild:for:npmnpm run build -- --declaration && npm run package:validatebuild:for:staticcross-env VITE_UMBRACO_USE_MSW=on vite buildbuild:vitetsc && vite build --mode stagingbuild:workspacesnpm run build -ws --if-presentchecknpm run lint:errors && npm run compile && npm run build-storybook && npm run generate:jsonschema:distcheck:circularnode ./devops/circular/index.js srccheck:duplicate-class-namesnode ./devops/check-duplicate-class-names/index.js src --ignore-tests --ignore-storiescheck:module-dependenciesnode ./devops/module-dependencies/index.jscheck:pathsnode ./devops/build/check-path-length.js dist-cms 120compiletscdevvitedev:icon-managernpm install --prefix devops/icon-manager && npm run dev --prefix devops/icon-managerdev:mockcross-env VITE_UMBRACO_USE_MSW=on vitedev:servercross-env VITE_UMBRACO_USE_MSW=off viteexamplenode ./devops/example-runner/index.jsformatprettier 'src/**/*.ts' --checkformat:fixnpm run format -- --writegenerate:check-const-testnode ./devops/generate-check-const-test/index.jsgenerate:iconsnode ./devops/icons/index.jsgenerate:jsonschematypescript-json-schema --skipLibCheck --ignoreErrors --excludePrivate --required --include "./src/json-schema/umbraco-package-schema.ts"generate:jsonschema:distnpm run generate:jsonschema -- --out ./umbraco-package-schema.json tsconfig.json UmbracoPackagegenerate:jsonschema:importsnode ./devops/json-schema-generator/index.jsgenerate:manifestnode ./devops/build/create-umbraco-package.jsgenerate:overridesnode ./devops/tsc/index.jsgenerate:server-apinpm run generate:server-api -w @umbraco-backoffice/coregenerate:tsconfignode ./devops/tsconfig/index.js- …and 22 more.