PkgRadar

Package evidence

@x-team/[email protected]

Remote Dependency Spec: dependencies.react-click-outside="github:tj/react-click-outside"

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Versions published: 9
First published: May 2020
Publisher: nicksp

Recommended action

Review before promoting

Mixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.

Block this release in CI

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@x-team/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@x-team/[email protected]"],"fail_on":"review"}'

Publisher: nicksp
Artifact bytes: 3,986,795
Previous version: 1.3.0
Published: 2020-09-09T15:05:06.704Z
SHA-256: e1decf2c1146cf0daaf7aaedaeb41ff9cb4aa60da60c5a4c2e26a38229a94904

Why flagged

What the scanner saw

Remote Dependency Spec: dependencies.react-click-outside="github:tj/react-click-outside"

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

review
Last checked
Risk: review
Score: 12
Version: 1.4.0
Status history (1 event)
  1. new → available · risk review · score 12 · status changed

Evidence

Static findings

3 static · 0 from release diff · showing high-signal first.

Severity | Kind | Path | Detail | Points
medium | Remote Dependency Spec | package.json | dependencies.react-click-outside="github:tj/react-click-outside" | 12
low | Large Javascript Payload | package/lib/all.js | 2934642 bytes | 0
low | Obfuscation Density | package/lib/CustomSelector.js | high encoded/escaped-token density | 0

Manifest

Package metadata

Scripts (10)
  • build: cross-env NODE_ENV=production webpack --config webpack.standalone.js
  • flow: flow check src
  • jest: jest --roots=src
  • lint: standard "src/**/*.js" ".jest/**/*.js" "jest.config.js" "__mocks__/**/*.js" | snazzy
  • lint-fix: standard "src/**/*.js" ".jest/**/*.js" "jest.config.js" "__mocks__/**/*.js" --fix | snazzy
  • prepublishOnly: npm run build
  • start: start-storybook -p 9001 -c .storybook -s public
  • storybook:build: build-storybook -c .storybook -o .storybook-static -s public
  • test: npm run lint && npm run flow
  • watch: npm run build -- --watch
Dependencies (22)
  • cmz: ^3.13.0
  • color: ^3.1.0
  • crypto-js: ^3.1.9-1
  • date-fns: ^1.29.0
  • lodash.differenceby: ^4.8.0
  • lodash.get: ^4.4.2
  • lodash.isequal: ^4.5.0
  • lodash.isnumber: ^3.0.3
  • lodash.throttle: ^4.1.1
  • markdown-to-jsx: ^6.9.4
  • react-avatar: ^3.5.0
  • react-click-outside: github:tj/react-click-outside
  • react-copy-to-clipboard: ^5.0.1
  • react-data-grid: ^6.1.0
  • react-data-grid-addons: ^6.1.0
  • react-tooltip: ^3.11.1
  • react-transition-group: ^4.3.0
  • react-visibility-sensor: ^5.1.0
  • recompose: ^0.30.0
  • tui-editor: ^1.3.2
  • uuid: ^3.3.2
  • webfontloader: ^1.6.28