PkgRadar

Package evidence

@verdaccio/[email protected]

no findings

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Versions published
189Mature · −50% score
First published
Mar 2019
Publisher
verdaccio.npm

Effective trust discount applied: 50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@verdaccio/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@verdaccio/[email protected]"],"fail_on":"review"}'
Publisherverdaccio.npm
Artifact bytes358,110
Previous version3.4.0
Published2021-12-24T13:00:06.623Z
SHA-2566e2af638e69d5bcae897d11d8a6c2b2af431698e1abda40fd5c3ee64f656a3cb

Why flagged

What the scanner saw

No high-signal static finding in the saved report.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low
Last checked
lowRisk
0Score
3.4.1Version
Status history (1 event)
  1. newavailable · risk low · score 0 · status changed

Evidence

Static findings

No findings stored for this release.

Manifest

Package metadata

Scripts20
  • buildwebpack --config tools/webpack.prod.config.babel.js
  • build:sizewebpack --config tools/webpack.prod.config.babel.js --json | webpack-bundle-size-analyzer
  • build:statswebpack --config tools/webpack.prod.config.babel.js --json > stats.json
  • coverage:publishcodecov
  • devconcurrently --kill-others "yarn run dev:web" "yarn run verdaccio:server"
  • dev:webbabel-node tools/dev.server.js
  • lintyarn run lint:js && yarn run lint:css
  • lint:cssyarn stylelint "src/**/styles.ts"
  • lint:jsyarn run type-check && eslint . --ext .js,.ts,.tsx
  • releasestandard-version -a
  • testBABEL_ENV=test NODE_ENV=test TZ=UTC jest --config ./jest/jest.config.js --maxWorkers 2 --passWithNoTests
  • test:acceptancecodeceptjs run --steps
  • test:acceptance:serverconcurrently --kill-others "yarn run verdaccio:server" "yarn run test:acceptance"
  • test:cleanjest --clearCache
  • test:e2e jest --config ./test/jest.config.e2e.js --runInBand
  • test:sizebundlesize
  • test:update-snapshotyarn run test -- -u
  • type-checktsc --noEmit --pretty
  • type-check:watchyarn run type-check -- --watch
  • verdaccio:servernode tools/verdaccio.js