PkgRadar

Package evidence

[email protected]

Large Javascript Payload: 5155189 bytes

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Versions published
931Mature · −50% score
First published
Jun 2015
Publisher
afc163

Effective trust discount applied: 50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["[email protected]"],"fail_on":"review"}'
Publisherafc163
Artifact bytes10,280,335
Previous version6.4.1
Published2026-05-14T15:33:31.612Z
SHA-256cc74b168cfe11f2887cb2ffb016af33eed247b001fabf95f2c3c11809d683fc0

Why flagged

What the scanner saw

Large Javascript Payload: 5155189 bytes

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low
Last checked
lowRisk
0Score
6.4.2Version
Status history (1 event)
  1. newavailable · risk low · score 0 · status changed

Evidence

Static findings

2 static · 0 from release diff · showing high-signal first.

No high-signal findings — see all findings below.

Show all 2 findings (low-signal and informational)
SeverityKindPathDetailPoints
lowLarge Javascript Payloadpackage/dist/antd-with-locales.js5155189 bytes0
lowLarge Javascript Payloadpackage/dist/antd.js4518351 bytes0

Manifest

Package metadata

Scripts57
  • api-collectionantd-tools run api-collection
  • authorstsx scripts/generate-authors.ts
  • biomebiome check --write
  • buildnpm run compile && cross-env NODE_OPTIONS='--max-old-space-size=4096' npm run dist
  • changelognpm run lint:changelog && tsx scripts/print-changelog.ts
  • cleanantd-tools run clean && rimraf es lib coverage locale dist report.html artifacts.zip oss-artifacts.zip
  • clean:lockfilesrimraf package-lock.json yarn.lock
  • compilenpm run compileOnly
  • compileOnlynpm run clean && antd-tools run compile
  • deploygh-pages -d _site -b gh-pages -f
  • deploy:china-mirrorgit checkout gh-pages && git pull origin gh-pages && git push [email protected]:ant-design/ant-design.git gh-pages -f
  • distnpm run ut-install-react-18 && antd-tools run dist
  • doctorreact-doctor .
  • formatbiome format --write .
  • install-react-18npm i --no-save --legacy-peer-deps react@18 react-dom@18 @testing-library/react@16
  • lintnpm run version && npm run tsc && npm run lint:script && npm run lint:biome && npm run lint:md && npm run lint:changelog
  • lint:biomebiome lint
  • lint:changelogtsx scripts/generate-component-changelog.ts
  • lint:mdremark . -f -q
  • lint:scripteslint . --cache
  • lint:styletsx scripts/check-cssinjs.tsx
  • postpublishtsx scripts/post-publish.ts
  • precompilenpm run prestart
  • predeployantd-tools run clean && npm run site && cp CNAME _site && npm run test:site
  • predistnpm run version && npm run token:statistic && npm run token:meta && npm run style
  • prelintdumi setup
  • prepareis-ci || husky && dumi setup
  • prepublishOnlytsx ./scripts/pre-publish.ts
  • presitenpm run prestart && npm run style -- --layer='@layer theme, base, global, antd, components, utilities;'
  • prestartnpm run version && npm run token:statistic && npm run token:meta && npm run lint:changelog && npm run style
  • …and 27 more.
Dependencies47
  • @ant-design/colors^8.0.1
  • @ant-design/cssinjs^2.1.2
  • @ant-design/cssinjs-utils^2.1.2
  • @ant-design/fast-color^3.0.1
  • @ant-design/icons^6.2.3
  • @ant-design/react-slick~2.0.0
  • @babel/runtime^7.29.2
  • @rc-component/cascader~1.15.0
  • @rc-component/checkbox~2.0.0
  • @rc-component/collapse~1.2.0
  • @rc-component/color-picker~3.1.1
  • @rc-component/dialog~1.9.0
  • @rc-component/drawer~1.4.2
  • @rc-component/dropdown~1.0.2
  • @rc-component/form~1.8.1
  • @rc-component/image~1.9.0
  • @rc-component/input~1.3.0
  • @rc-component/input-number~1.6.2
  • @rc-component/mentions~1.9.0
  • @rc-component/menu~1.3.0
  • @rc-component/motion^1.3.2
  • @rc-component/mutate-observer^2.0.1
  • @rc-component/notification~2.0.6
  • @rc-component/pagination~1.2.0
  • @rc-component/picker~1.10.0
  • @rc-component/progress~1.0.2
  • @rc-component/qrcode~1.1.1
  • @rc-component/rate~1.0.1
  • @rc-component/resize-observer^1.1.2
  • @rc-component/segmented~1.3.0
  • …and 17 more.