Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Weekly downloads
- 1,195Niche · −30% score
- Versions published
- 274Mature · −50% score
- First published
- Mar 2018
- Publisher
- silentsakky
Effective trust discount applied: −50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.
Recommended action
Looks clean — keep monitoringNo high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["@zimbra/[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["@zimbra/[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
No high-signal static finding in the saved report.
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk low · score 0 · status changed
Evidence
Static findings
No findings stored for this release.
Manifest
Package metadata
Scripts21
buildnpm-run-all clean generateSchemaTypes rollup:* -p build:ts minify:* copySchemabuild:analyzevisualize=true npm run buildbuild:tstsc --emitDeclarationOnly --declaration --outDir "dist"cleanrimraf distcopySchemacopyfiles -f src/schema/schema.graphql distgenerateSchemaTypesrimraf src/schema/generated-schema-types.ts && graphql-codegenlinkedBuildnpm run rollup:esm -- --watchlinteslint --config eslint.config.mjs .lint:fixnpm run lint -- --fixminify:cjscross-var uglifyjs $npm_package_main -c pure_getters,pure_funcs=classCallCheck -m toplevel,reserved=['_createClass'] --keep-fnames -o $npm_package_main --source-map content=$npm_package_main.map,url=zm-api-js-client.js.map,filename=$npm_package_main.mapminify:umdcross-var uglifyjs $npm_package_umd_main -c pure_getters,pure_funcs=classCallCheck -m toplevel,reserved=['_createClass'] --keep-fnames -o $npm_package_umd_main --source-map content=$npm_package_umd_main.map,url=zm-api-js-client.umd.js.map,filename=$npm_package_umd_main.mappreparehusky || trueprepublishOnlyif [ "$CI" != "true" ]; then npm test && npm run build && git commit -am $npm_package_version && git tag $npm_package_version && git push && git push --tags; fipublish:betanpm publish --tag=betarollup:cjscross-var rollup -c rollup.config.js -m -f cjs -n $npm_package_amdName $npm_package_source -o $npm_package_mainrollup:esmcross-var rollup -c rollup.config.js -m -f es --environment FORMAT:es -n $npm_package_amdName $npm_package_source -o $npm_package_modulerollup:umdcross-var rollup -c rollup.config.js -m -f umd -n $npm_package_amdName $npm_package_source -o $npm_package_umd_mainsecurity:auditnpx audit-ci@^6 --moderate --report-type summary --pass-enoaudit --skip-devsizeecho "Gzipped Size: $(gzip-size $npm_package_main | pretty-bytes)"test:unitBABEL_ENV=test mocha --require ./babelRegisterConfig.js test/**/*.jstest:watchnpm run test:unit -- --watch
Dependencies6
@apollo/client^3.14.0@graphql-tools/schema^10.0.25dataloader^2.2.2es-toolkit^1.39.10graphql^16.9.0mitt^3.0.0