PkgRadar

Package evidence

@weni/[email protected]

Large Javascript Payload: 2649000 bytes

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads
1,236Niche · −30% score
Versions published
868Mature · −50% score
First published
Mar 2021
Publisher
aldemylla

Effective trust discount applied: 50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Review before promoting

Mixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@weni/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@weni/[email protected]"],"fail_on":"review"}'
Publisheraldemylla
Artifact bytes14,656,670
Previous version3.26.1-alpha.0
Published2026-05-21T12:44:14.125Z
SHA-2569d42491d6344a85c6b26c50f4828c48f8a8a2ca0a7ccbac10828e8d7c73db61b

Why flagged

What the scanner saw

Large Javascript Payload: 2649000 bytes

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

review
Last checked
reviewRisk
5Score
3.26.1-alpha.4Version
Status history (1 event)
  1. newavailable · risk review · score 5 · status changed

Evidence

Static findings

1 static · 0 from release diff · showing high-signal first.

SeverityKindPathDetailPoints
mediumLarge Javascript Payloadpackage/dist/unnnic.mjs2649000 bytes10

Manifest

Package metadata

Scripts13
  • buildvite build && npm run style-dictionary:generate
  • build-storybookstorybook build
  • build:typesvue-tsc && vite build && npm run style-dictionary:generate
  • coveragevitest --coverage
  • devvite
  • formatprettier --write src/
  • linteslint src/**/*.{js,vue,ts} --fix
  • previewvite preview
  • storybookstorybook dev -p 6006
  • style-dictionary:generatestyle-dictionary build --config styleDictionary.config.mjs
  • testvitest
  • test:uivitest --ui
  • type-checkvue-tsc --noEmit
Dependencies16
  • @iconify/vue^5.0.0
  • @vueuse/components^10.4.1
  • @vueuse/core^14.0.0
  • emoji-mart-vue-fast^15.0.5
  • lodash^4.17.21
  • lucide-vue-next^0.546.0
  • mime^4.0.1
  • mitt^3.0.1
  • moment^2.30.1
  • reka-ui^2.6.0
  • remark-gfm^4.0.0
  • tw-animate-css^1.4.0
  • vaul-vue^0.4.1
  • vue^3.4.8
  • vue-i18n9
  • vue-the-mask^0.11.1