Package evidence

@yabab-dev/[email protected]

Large Javascript Payload: 3123204 bytes

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Versions published: 1
First published: May 2026
Publisher: yabab-dev

Recommended action

Review before promoting

Mixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.

Inspect tarball Add to CI gate

Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@yabab-dev/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@yabab-dev/[email protected]"],"fail_on":"review"}'

Publisheryabab-dev

Artifact bytes6,812,625

Previous versionnone

Published2026-05-26T14:06:51.070Z

SHA-2563f12553d9a051b28fd432a3a2c5869d8795edf20e42a0ab6a240b6cd3e28d615

Why flagged

What the scanner saw

Large Javascript Payload: 3123204 bytes

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

review

17d agoLast checked

reviewRisk

40Score

0.69.0Version

Status history (1 event)

new → available17d ago · risk review · score 40 · status changed

Evidence

Static findings

4 static · 0 from release diff · showing high-signal first.

Severity	Kind	Path	Detail	Points
medium	Large Javascript Payload	package/dist/index.js	3123204 bytes	10
medium	Large Javascript Payload	package/build/index.min.js	2925710 bytes	10
medium	Large Javascript Payload	package/dist/index.min.js	2925710 bytes	10
medium	Large Javascript Payload	package/dist/niivue.umd.js	2276697 bytes	10

Manifest

Package metadata

Scripts22

buildtsup --config tsup.config.ts && npm run build:forTests && npm run build:min && npm run build:umd
build:forTeststsup --config tsup.config.tests.ts && npm run build:mindemos
build:minnode bundle.js
build:mindemosnode bundleForDemos.js
build:umdvite build --config vite.config.js --base=./ && vite build --config vite.config_inject.js --base=./
demonpm run build:forTests && rm -rf demos/dist && cp -r dist demos/dist && npx http-server demos/ --cors
demo-winnpm run build && npx http-server demos/
devvite
docstypedoc && rm -rf ../docs/docs/api && cp -r devdocs ../docs/docs/api
linteslint . --ext .ts
lint:debugDEBUG=eslint:cli-engine eslint . --ext .ts
lint:fixeslint --fix . --ext .ts
lint:tstsc --noEmit
pretest-demosnpm run build:forTests && node preplaywrighttest.cjs && tsc --incremental -p playwright/e2e/tsconfig.json
pretest-playwrightnpm run build:forTests && node preplaywrighttest.cjs && tsc --incremental -p playwright/e2e/tsconfig.json
pubnpm run build && npm publish --access public
serve-docsnpx http-server devdocs
testnpm run build:forTests && npm run test:unit && jest --maxWorkers=1
test-demosnpx playwright test playwright/e2e/test.demos.spec.ts
test-playwrightnpx playwright test --grep-invert "niivue demo file:"
test-winnpm run build-win && jest
test:unitvitest --run --coverage

Dependencies7

@lukeed/uuid^2.0.1
@ungap/structured-clone^1.2.0
array-equal^1.0.2
fflate^0.8.2
gl-matrix^3.4.3
nifti-reader-js^0.8.0
zarrita^0.5.0

Optional dependencies1

@rollup/rollup-linux-x64-gnu^4.18.1