PkgRadar

Package evidence

@vcmap/[email protected]

no findings

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Versions published
129Mature · −50% score
First published
Apr 2022
Publisher
jbolling

Effective trust discount applied: 50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@vcmap/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@vcmap/[email protected]"],"fail_on":"review"}'
Publisherjbolling
Artifact bytes8,459,481
Previous version6.3.6
Published2026-05-21T14:38:35.272Z
SHA-25650e0224c01330ff22204e371c01d1030b1daf7ee8adb8a20c8794cc165273185

Why flagged

What the scanner saw

No high-signal static finding in the saved report.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low
Last checked
lowRisk
0Score
6.3.7Version
Status history (2 events)
  1. availableavailable · risk low · score 0 · status available -> available, risk high -> low, score 27 -> 0
  2. newavailable · risk high · score 27 · status changed

Evidence

Static findings

No findings stored for this release.

Manifest

Package metadata

Dependencies34
  • @vcmap/cesium-filters^2.0.0
  • @vcmap/cesium-inspector^2.0.0
  • @vcmap/clipping-tool^4.0.0
  • @vcmap/create-link^3.0.0
  • @vcmap/draw^5.0.0
  • @vcmap/dynamic-layer^3.0.0
  • @vcmap/event-control^1.0.1
  • @vcmap/export^2.1.0
  • @vcmap/flight^3.0.0
  • @vcmap/gamepad^1.0.0
  • @vcmap/geofence^1.0.2
  • @vcmap/height-profile^3.0.0
  • @vcmap/layer-settings^1.0.1
  • @vcmap/layer-slider^2.0.0
  • @vcmap/line-of-sight^2.0.0
  • @vcmap/link-button^2.0.0
  • @vcmap/list-view^1.0.0
  • @vcmap/measurement^5.0.0
  • @vcmap/module-selector^3.0.0
  • @vcmap/multi-view^3.0.0
  • @vcmap/panorama^1.0.0
  • @vcmap/pointcloud-settings^1.0.0
  • @vcmap/print^4.0.0
  • @vcmap/search-coordinate^2.0.0
  • @vcmap/search-esri^3.0.0
  • @vcmap/search-nominatim^2.0.0
  • @vcmap/search-wfs^2.1.0
  • @vcmap/sensorthings^1.0.0
  • @vcmap/shadow^3.1.0
  • @vcmap/swipe-tool^4.0.0
  • …and 4 more.
Optional dependencies2
  • @vcmap/guided-tour^1.0.6
  • @vcmap/planning^7.0.0