Package evidence

@ws-ui/[email protected]

Large Javascript Payload: 4154827 bytes

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads: 476
Versions published: 319Mature · −50% score
First published: Oct 2023
Publisher: axel-dev

Effective trust discount applied: −50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarball Add to CI gate

Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@ws-ui/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@ws-ui/[email protected]"],"fail_on":"review"}'

Publisheraxel-dev

Artifact bytes9,525,103

Previous version1.12.3

Published2026-05-22T12:12:02.075Z

SHA-2563ec0acd67d3800b18a2c14c79f59d86e5a003b53c58f443ca194d6e9d5b9f6df

Why flagged

What the scanner saw

Large Javascript Payload: 4154827 bytes

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low

13h agoLast checked

lowRisk

0Score

1.13.0-dev.1Version

Status history (1 event)

new → available13h ago · risk low · score 0 · status changed

Evidence

Static findings

2 static · 0 from release diff · showing high-signal first.

No high-signal findings — see all findings below.

Show all 2 findings (low-signal and informational)

Severity	Kind	Path	Detail	Points
low	Large Javascript Payload	package/dist/index-BzNXJ2Bl.cjs	4154827 bytes	0
low	Large Javascript Payload	package/dist/index-DNlnvwoR.js	5948610 bytes	0

Manifest

Package metadata

Scripts13

buildcross-env NODE_OPTIONS=--max_old_space_size=8192 tsc && vite build && npm run build:styles:standalone
build:stylesnpx postcss src/StandaloneEditor/style.css -o dist/standalone.css --config ./postcss.config.cjs --no-map
build:styles:standalonetailwindcss -i src/StandaloneEditor/style.css -o dist/standalone.css --postcss ./postcss.config.scoped.js --minify
clean:cachenpx rimraf node_modules/.vite
devnpm run clean:cache && vite
docqodly doc
prepackqodly doc && npm run build
previewvite preview
publishnpm publish --ignore-scripts --access public
startvite
testjest
test:watchjest --watch
watchnodemon --watch ./src --ext jsx,tsx,css,js,ts --exec 'npm run build'

Dependencies51

@dnd-kit/core^5.0.1
@dnd-kit/modifiers^5.0.0
@dnd-kit/sortable^6.0.0
@emotion/react^11.4.0
@emotion/styled^11.14.0
@headlessui/react^1.7.19
@popperjs/core^2.9.2
@qodly/intervals^1.2.4
@radix-ui/react-popover^0.1.6
@radix-ui/react-scroll-area0.0.16
@radix-ui/react-tooltip^0.1.7
@ws-ui/code-editor1.13.0
@ws-ui/condfmt0.0.15
@ws-ui/craftjs-core0.2.26
@ws-ui/craftjs-layers0.2.5
@ws-ui/craftjs-utils0.2.3
@ws-ui/formatter1.13.0
@ws-ui/icons1.13.0
@ws-ui/localization-editor1.13.0-dev.1
@ws-ui/shared1.13.0-dev.1
@ws-ui/store1.13.0-dev.1
@ws-ui/virtualizer0.2.11
assert^2.1.0
css-box-shadow^1.0.0-3
date-fns^2.21.3
downshift^6.1.3
escape-html^1.0.3
framer-motion^4.1.17
lodash^4.17.21
mime-types^2.1.35
…and 21 more.