Package evidence
@wavemaker-ai/[email protected]
Obfuscation Density: high encoded/escaped-token density
Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Versions published
- 7
- First published
- May 2026
- Publisher
- wavemaker_devops
Recommended action
Looks clean — keep monitoringNo high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["@wavemaker-ai/[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["@wavemaker-ai/[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
Obfuscation Density: high encoded/escaped-token density
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk low · score 0 · status changed
Evidence
Static findings
2 static · 0 from release diff · showing high-signal first.
No high-signal findings — see all findings below.
Show all 2 findings (low-signal and informational)
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| low | Obfuscation Density | package/npm-shrinkwrap.json | high encoded/escaped-token density | 0 |
| low | Obfuscation Density | package/package-lock.json | high encoded/escaped-token density | 0 |
Manifest
Package metadata
Scripts15
buildnpm run clean && npm run build:style-dist && tsc && npm run build:cjs && npm run compile-css && npm run minify-css && npm run copy-fonts && npm run copy-tokens && npm run copy-mobile-styles && npm run copy-mobile-variants && npm run copy-mobile-studio-styles && node ./scripts/build.js post-buildbuild:cjswebpack --config webpack.config.cjs --mode developmentbuild:style-distnode scripts/style-dictionary/build-web.js && node scripts/style-dictionary/build-mobile.jscleanrm -rf dist generatedcompile-csslessc src/styles/web/style.less dist/styles/foundation/foundation.csscopy-fontsmkdir -p dist/styles/foundation/fonts && cp -r src/fonts/web/* dist/styles/foundation/fonts/copy-mobile-studio-stylesmkdir -p dist/styles/src/styles/mobile/studio && cp -r src/styles/mobile/studio/* dist/styles/src/styles/mobile/studio/copy-mobile-stylesmkdir -p dist/styles/src/styles/mobile/components && cp -r src/styles/mobile/components/* dist/styles/src/styles/mobile/components/copy-mobile-variantsmkdir -p dist/styles/src/styles/mobile/components/variables && cp -r generated/variables/mobile/* dist/styles/src/styles/mobile/components/variables/copy-native-mobile-tokensmkdir -p dist/styles/src/tokens/mobile && cp -r src/tokens/mobile/* dist/styles/src/tokens/mobile/copy-tokensnpm run copy-web-tokens && npm run copy-native-mobile-tokenscopy-web-tokensmkdir -p dist/styles/src/tokens/web && cp -r src/tokens/web/* dist/styles/src/tokens/webminify-csslessc src/styles/web/style.less dist/styles/foundation/foundation.min.css --clean-css && lessc src/styles/web/icon-fonts.less dist/styles/foundation/icon-fonts.min.css --clean-cssvalidate-tokens:mobilenode scripts/run-token-validation.js --platform native_mobilevalidate-tokens:webnode scripts/run-token-validation.js --platform web
Dependencies2
ajv^8.18.0chroma-js^3.1.2