PkgRadar

Package evidence

@zenvor/[email protected]

Remote Dependency Spec: devDependencies.karma-rollup-preprocessor="github:jlmakes/karma-rollup-preprocessor#7a7268d91149307b3cf2888ee4e65ccd079955a3"

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Versions published
13
First published
Feb 2026
Publisher
GitHub ActionsTrusted automation · −70% score

Effective trust discount applied: 70% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Review before promoting

Mixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@zenvor/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@zenvor/[email protected]"],"fail_on":"review"}'
PublisherGitHub Actions
Artifact bytes6,441,875
Previous version1.1.0
Published2026-05-08T07:03:38.234Z
SHA-25603c59a320e167fa85e37bb0731ac69c2bb61de398c3b8cb06d1f761c197185a6

Why flagged

What the scanner saw

Remote Dependency Spec: devDependencies.karma-rollup-preprocessor="github:jlmakes/karma-rollup-preprocessor#7a7268d91149307b3cf2888ee4e65ccd079955a3"

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

review
Last checked
reviewRisk
2Score
1.2.0Version
Status history (1 event)
  1. newavailable · risk review · score 2 · status changed

Evidence

Static findings

1 static · 0 from release diff · showing high-signal first.

SeverityKindPathDetailPoints
mediumRemote Dependency Specpackage.jsondevDependencies.karma-rollup-preprocessor="github:jlmakes/karma-rollup-preprocessor#7a7268d91149307b3cf2888ee4e65ccd079955a3"8

Manifest

Package metadata

Scripts29
  • buildrollup --config && npm run build:types
  • build:cirollup --config && tsc --build tsconfig-lib.json && api-extractor run && npm run build:copy-types && es-check
  • build:copy-typescp ./dist/hls.d.ts ./dist/hls.d.mts && cp ./dist/hls.d.ts ./dist/hls.js.d.ts
  • build:debugrollup --config --configType full --configType demo
  • build:typestsc --build tsconfig-lib.json && api-extractor run --local && npm run build:copy-types
  • build:watchrollup --config --configType full --configType demo --watch
  • devrun-p build:watch serve
  • docsdoctoc ./docs/API.md && api-documenter markdown -i api-extractor -o api-extractor/api-documenter && rm api-extractor/api-documenter/index.md && npm run docs-md-to-html
  • docs-md-to-htmlgenerate-md --layout github --input api-extractor/api-documenter --output api-docs
  • linteslint --cache src/ tests/ --ext .js --ext .ts
  • lint:fixnpm run lint -- --fix
  • lint:quietnpm run lint -- --quiet
  • lint:stagedlint-staged
  • preparehusky
  • pretestnpm run lint
  • prettierprettier --cache --write .
  • prettier:verifyprettier --cache --check .
  • sanity-checknpm run lint && npm run prettier:verify && npm run type-check && npm run build && es-check && npm run docs && npm run test:unit
  • servehttp-server -o /demo .
  • startnpm run dev
  • testnpm run test:unit && npm run test:func
  • test:funcBABEL_ENV=development mocha --require @babel/register tests/functional/auto/setup.js --timeout 40000 --exit
  • test:func:lightBABEL_ENV=development HLSJS_LIGHT=1 mocha --require @babel/register tests/functional/auto/setup.js --timeout 40000 --exit
  • test:func:sauceSAUCE=1 UA=safari OS='OS X 10.15' BABEL_ENV=development mocha --require @babel/register tests/functional/auto/setup.js --timeout 40000 --exit
  • test:unitkarma start karma.conf.js
  • test:unit:debugDEBUG_UNIT_TESTS=1 karma start karma.conf.js --auto-watch --no-single-run --browsers Chrome
  • test:unit:watchkarma start karma.conf.js --auto-watch --no-single-run
  • type-checktsc --noEmit
  • type-check:watchnpm run type-check -- --watch
Dependencies1
  • @msgpack/msgpack2.8.0