Package evidence

@uzum-tech/[email protected]

Remote Payload: matched "raw.githubusercontent.com"

Recommended action

Block this update

Static evidence trips multiple high-signal indicators. Quarantine the release until the publisher validates the change or you can rule out the indicators below.

Inspect tarball Add to CI gate

Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@uzum-tech/[email protected]"],"fail_on":"high"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@uzum-tech/[email protected]"],"fail_on":"high"}'

Publisherjbalancer

Artifact bytes5,405,560

Previous version2.0.7

Published2026-05-24T14:46:27.053Z

SHA-256ca56e4d634c54cccd265d8891cdfd7e9b1ef09657e167e3cc98bf72f030baf98

Why flagged

What the scanner saw

Remote Payload: matched "raw.githubusercontent.com"

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

high

19d agoLast checked

highRisk

90Score

2.0.8Version

Status history (1 event)

new → available19d ago · risk high · score 90 · status changed

Related candidates

Linked campaigns and clusters

Publisher / release actor burststale

jbalancer

3 members · evidence strength 69

Evidence

Static findings

22 static · 0 from release diff · showing high-signal first.

Severity	Kind	Path	Detail	Points
medium	Remote Payload	package/web-types.json	matched "raw.githubusercontent.com"	12
medium	Large Javascript Payload	package/dist/index.js	3838243 bytes	10
medium	Large Javascript Payload	package/dist/index.mjs	3601615 bytes	10

Show all 22 findings (low-signal and informational)

Severity	Kind	Path	Detail	Points
medium	Remote Payload	package/web-types.json	matched "raw.githubusercontent.com"	12
medium	Large Javascript Payload	package/dist/index.js	3838243 bytes	10
medium	Large Javascript Payload	package/dist/index.mjs	3601615 bytes	10
low	Install-time lifecycle script	package.json	prepare="husky"	4
low	Obfuscation	package/lib/date-picker-v2/src/DatePickerV2.js	matched "\\u2014"	3
low	Obfuscation	package/lib/form/src/FormItem.js	matched "\\u00A0"	3
low	Obfuscation	package/lib/header/src/HeaderSearchResults.js	matched "\\u041D"	3
low	Obfuscation	package/lib/input/src/Input.js	matched "\\u00A0"	3
low	Obfuscation	package/lib/menu/src/Menu.js	matched "\\u00B7"	3
low	Obfuscation	package/lib/pagination/src/Pagination.js	matched "\\u00A0"	3
low	Obfuscation	package/lib/radio/src/Radio.js	matched "\\u00A0"	3
low	Obfuscation	package/lib/tabs/src/Tab.js	matched "\\u00A0"	3
low	Obfuscation	package/lib/mention/src/utils.js	matched "\\u00A0"	3
low	Obfuscation	package/es/date-picker-v2/src/DatePickerV2.mjs	matched "\\u2014"	3
low	Obfuscation	package/es/form/src/FormItem.mjs	matched "\\u00A0"	3
low	Obfuscation	package/es/header/src/HeaderSearchResults.mjs	matched "\\u041D"	3
low	Obfuscation	package/es/input/src/Input.mjs	matched "\\u00A0"	3
low	Obfuscation	package/es/menu/src/Menu.mjs	matched "\\u00B7"	3
low	Obfuscation	package/es/pagination/src/Pagination.mjs	matched "\\u00A0"	3
low	Obfuscation	package/es/radio/src/Radio.mjs	matched "\\u00A0"	3
low	Obfuscation	package/es/tabs/src/Tab.mjs	matched "\\u00A0"	3
low	Obfuscation	package/es/mention/src/utils.mjs	matched "\\u00A0"	3

Manifest

Package metadata

Scripts31

build:packagepnpm run gen-version && pnpm run clean && pnpm run gen-volar-dts && tsc -b --force tsconfig.esm.json && tsx scripts/pre-build/pre-cjs-build.ts && tsc -b --force tsconfig.cjs.json && rollup -c && pnpm run test:umd && pnpm run test:esm && pnpm run post-build && rimraf {es,lib}/*.tsbuildinfo
build:sitesh ./scripts/pre-build-site/pre-build-site.sh && NODE_ENV=production NODE_OPTIONS=--max-old-space-size=4096 vite build && sh ./scripts/post-build-site/post-build-site.sh
build:site:tssh ./scripts/pre-build-site/pre-build-site.sh && TUSIMPLE=true NODE_ENV=production NODE_OPTIONS=--max-old-space-size=4096 vite build && sh ./scripts/post-build-site/post-build-site.sh
build:themestsc -b --force themes/tusimple/tsconfig.esm.json && tsc -b --force themes/tusimple/tsconfig.cjs.json
cleanrimraf site lib es dist node_modules/@uzum-tech/ui themes/tusimple/es themes/tusimple/lib
devpnpm run clean && pnpm run gen-version && pnpm run gen-volar-dts && NODE_ENV=development vite
formatpnpm run format:code && pnpm run format:md && pnpm run lint:fix
format:codeprettier --write "{src,demo,scripts,build}/**/*.{vue,js,ts,tsx}"
format:mdprettier --write --parser markdown --prose-wrap never "(src|demo)/**/*.md"
gen-versiontsx scripts/gen-version.ts
gen-volar-dtstsx scripts/gen-component-declaration.ts
lintpnpm run lint:code && pnpm run lint:type
lint:codeeslint "{src,build,scripts,demo}/**/*.{ts,tsx,js,vue,md}"
lint:demo-typeNODE_OPTIONS=--max-old-space-size=4096 vue-tsc -p src/tsconfig.demo.json
lint:fixeslint --fix "{src,build,scripts,demo}/**/*.{ts,tsx,js,vue,md}"
lint:src-typetsc -b --force tsconfig.esm.json
lint:typepnpm run lint:src-type && pnpm run lint:demo-type
post-buildtsx scripts/post-build/index.ts
preparehusky
release:changelogtsx scripts/release-changelog.ts
release:packagenpm login && pnpm install && pnpm run test && pnpm run build:package && npm publish --no-git-checks
release:siteTUSIMPLE=true pnpm run build:site && node build-doc/generate-deploy-sh.js && sudo bash build-doc/deploy-doc.sh
startpnpm run dev
testvitest run
test:covvitest run --coverage
test:esmvitest run esm-test/index.spec.js
test:umdvitest run umd-test/index.spec.js
test:updatevitest --run --update
test:watchvitest --watch
transpile-docstsx scripts/md-to-vue.ts data-table
…and 1 more.

Dependencies20

@css-render/plugin-bem0.15.14
@css-render/vue3-ssr0.15.14
@types/lodash4.17.24
@types/lodash-es4.17.12
@vueuse/core13.3.0
async-validator4.2.5
cropperjs1.6.2
css-render0.15.14
csstype3.1.3
date-fns4.1.0
date-fns-tz3.2.0
evtd0.2.4
highlight.js11.11.1
lodash4.18.1
lodash-es4.18.1
seemly0.3.10
treemate0.3.11
vdirs0.1.8
vooks0.2.12
vueuc0.4.65