PkgRadar

Package evidence

@visactor/[email protected]

Large Javascript Payload: 5581637 bytes

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads: 44,237 (Mainstream · −50% score)
Versions published: 624 (Mature · −50% score)
First published: Jun 2023
Publisher: GitHub Actions (Trusted automation · −70% score)

Effective trust discount applied: 70% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Review before promoting

Mixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.

Block this release in CI

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@visactor/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@visactor/[email protected]"],"fail_on":"review"}'

Artifact bytes: 6,696,079
Previous version: 2.1.0-alpha.12
Published: 2026-05-22T13:59:30.982Z
SHA-256: e5008c44af65efdd19b84d5257e5c788ca27b3d1f868a45f243d5bdf72205db4

Why flagged

What the scanner saw

Large Javascript Payload: 5581637 bytes

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

review
Last checked
Risk: review
Score: 12
Version: 2.1.0-alpha.13
Status history (1 event)
  1. new · available · risk review · score 12 · status changed

Evidence

Static findings

4 static · 0 from release diff · showing high-signal first.

Severity | Kind | Path | Detail | Points
medium | Large Javascript Payload | package/build/index.es.js | 5581637 bytes | 10
medium | Large Javascript Payload | package/build/es5/index.js | 3574894 bytes | 10
medium | Large Javascript Payload | package/build/index.js | 6091805 bytes | 10
medium | Large Javascript Payload | package/build/index.min.js | 3252950 bytes | 10

Manifest

Package metadata

Scripts: 29
  • analyze: npm run analyze-full && npm run analyze-line && npm run analyze-simple
  • analyze-empty: cross-env BUNDLE_ANALYZE='empty' DEBUG='Bundler*' bundle -f umd
  • analyze-full: cross-env BUNDLE_ANALYZE='full' DEBUG='Bundler*' bundle -f umd
  • analyze-pie: cross-env BUNDLE_ANALYZE='pie' DEBUG='Bundler*' bundle -f umd
  • analyze-simple: cross-env BUNDLE_ANALYZE='simple' DEBUG='Bundler*' bundle -f umd
  • build: cross-env DEBUG='Bundler*' bundle --clean && npm run build:schema && npm run build:types && npm run build:es5
  • build:cjs: cross-env DEBUG='Bundler*' IGNORE_ENTRIES='true' bundle --clean -f cjs --ignorePostTasks --ignoreUmdEntries
  • build:es: cross-env DEBUG='Bundler*' IGNORE_ENTRIES='true' bundle --clean -f es --ignorePostTasks
  • build:es5: rimraf lib && rollup -c --bundleConfigAsCjs
  • build:schema: schema src/typings/spec/chart.ts ISpec --useTypeOfKeyword --ignoreErrors --required > ../vchart-schema/vchart.json
  • build:spec-types: rimraf ./spec-types && tsc -p ./tsconfig.spec.json --declaration --emitDeclarationOnly --outDir ./spec-types
  • build:types: tsc --declaration --emitDeclarationOnly --outDir ../vchart-types/types
  • build:umd: cross-env DEBUG='Bundler*' IGNORE_ENTRIES='true' bundle -f umd
  • ci: ts-node --transpileOnly --skipProject ./scripts/trigger-test.ts
  • clear: rimraf build && rimraf esm && rimraf cjs
  • compile: tsc --noEmit
  • dev: cross-env DEBUG='Bundler*' bundle --clean -f es -w
  • eslint: eslint --debug --fix src/
  • eslint:check: eslint .
  • eslint:err: eslint . --quiet
  • perf:render: ts-node --transpileOnly scripts/render-performance.ts
  • prettier: prettier --write --ignore-unknown .
  • prettier:check: prettier --check .
  • size: size-limit
  • start: ts-node __tests__/runtime/browser/scripts/initVite.ts && vite serve __tests__/runtime/browser
  • test: jest
  • test-cov: jest -w 16 --coverage
  • test-live: npm run test-watch __tests__/unit
  • test-watch: cross-env DEBUG_MODE=1 jest --watch
Dependencies: 10
  • @visactor/vdataset ~1.0.23
  • @visactor/vlayouts ~1.0.23
  • @visactor/vrender 1.1.0-alpha.22
  • @visactor/vrender-animate 1.1.0-alpha.22
  • @visactor/vrender-components 1.1.0-alpha.22
  • @visactor/vrender-core 1.1.0-alpha.22
  • @visactor/vrender-kits 1.1.0-alpha.22
  • @visactor/vscale ~1.0.23
  • @visactor/vutils ~1.0.23
  • @visactor/vutils-extension 2.1.0-alpha.13