PkgRadar

Package evidence

@woocommerce/[email protected]

no findings

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads
3
Versions published
1
First published
Nov 2024
Publisher
~woocommerce

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@woocommerce/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@woocommerce/[email protected]"],"fail_on":"review"}'
Publisher~woocommerce
Artifact bytes13,942
Previous versionnone
Published2024-11-27T20:44:27.051Z
SHA-256cfcda091793a4401403ca415a36b12934e4d7a8a6c966e251a37e2a5299eaa77

Why flagged

What the scanner saw

No high-signal static finding in the saved report.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low
Last checked
lowRisk
0Score
0.1.0Version
Status history (1 event)
  1. newavailable · risk low · score 0 · status changed

Evidence

Static findings

No findings stored for this release.

Manifest

Package metadata

Scripts16
  • buildpnpm --if-present --workspace-concurrency=Infinity --stream --filter="$npm_package_name..." '/^build:project:.*$/'
  • build:projectpnpm --if-present '/^build:project:.*$/'
  • build:project:bundlewireit
  • build:project:cjswireit
  • build:project:esmwireit
  • changelogXDEBUG_MODE=off composer install --quiet && composer exec -- changelogger
  • lintpnpm --if-present '/^lint:lang:.*$/'
  • lint:fixpnpm --if-present '/^lint:fix:lang:.*$/'
  • lint:fix:lang:jseslint src --fix
  • lint:lang:jseslint src
  • test:jsjest --config ./jest.config.json --passWithNoTests
  • watch:buildpnpm --if-present --workspace-concurrency=Infinity --filter="$npm_package_name..." --parallel '/^watch:build:project:.*$/'
  • watch:build:projectpnpm --if-present run '/^watch:build:project:.*$/'
  • watch:build:project:bundlewireit
  • watch:build:project:cjswireit
  • watch:build:project:esmwireit
Dependencies34
  • @types/lodash^4.14.202
  • @types/prop-types^15.7.11
  • @types/wordpress__blocks11.0.7
  • @woocommerce/product-editor^1.5.0
  • @woocommerce/settings^1.0.0
  • @woocommerce/tracks^1.4.0
  • @wordpress/api-fetchwp-6.0
  • @wordpress/componentswp-6.0
  • @wordpress/composewp-6.0
  • @wordpress/core-datawp-6.0
  • @wordpress/dataviews^4.4.1
  • @wordpress/datewp-6.0
  • @wordpress/deprecatedwp-6.0
  • @wordpress/edit-postwp-6.0
  • @wordpress/edit-site6.10.0
  • @wordpress/editorwp-6.0
  • @wordpress/elementwp-6.0
  • @wordpress/hookswp-6.0
  • @wordpress/html-entitieswp-6.0
  • @wordpress/i18nwp-6.0
  • @wordpress/icons10.11.0
  • @wordpress/interfacewp-6.0
  • @wordpress/keyboard-shortcutswp-6.0
  • @wordpress/keycodeswp-6.0
  • @wordpress/media-utilswp-6.0
  • @wordpress/pluginswp-6.0
  • @wordpress/preferenceswp-6.0
  • @wordpress/private-apis^1.6.0
  • @wordpress/router1.11.0
  • @wordpress/urlwp-6.0
  • …and 4 more.