PkgRadar

Package evidence

[email protected]

Remote Payload: matched "raw.githubusercontent.com"

Recommended action

Block this update

Static evidence trips multiple high-signal indicators. Quarantine the release until the publisher validates the change or you can rule out the indicators below.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["[email protected]"],"fail_on":"high"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["[email protected]"],"fail_on":"high"}'
Publisheraibayanyu
Artifact bytes3,514,655
Previous version1.3.1
Published2026-05-24T02:05:46.168Z
SHA-256f63a4e1a65c1479f5d08c4dd2f86b67b62dbd62079cf1aba56e5fd9bd2159f11

Why flagged

What the scanner saw

Remote Payload: matched "raw.githubusercontent.com"

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

high
Last checked
highRisk
55Score
1.3.2-beta.1Version
Status history (1 event)
  1. newavailable · risk high · score 55 · status changed

Related candidates

Linked campaigns and clusters

Publisher / release actor burststale

aibayanyu

2 members · evidence strength 55

Evidence

Static findings

6 static · 0 from release diff · showing high-signal first.

SeverityKindPathDetailPoints
mediumRemote Payloadpackage/web-types.jsonmatched "raw.githubusercontent.com"12
mediumLarge Javascript Payloadpackage/dist/antd-with-locales.esm.js3094325 bytes10
mediumLarge Javascript Payloadpackage/dist/antd-with-locales.js2402880 bytes10
mediumLarge Javascript Payloadpackage/dist/antd.esm.js2730135 bytes10
mediumLarge Javascript Payloadpackage/dist/antd.js2087085 bytes10
Show all 6 findings (low-signal and informational)
SeverityKindPathDetailPoints
mediumRemote Payloadpackage/web-types.jsonmatched "raw.githubusercontent.com"12
mediumLarge Javascript Payloadpackage/dist/antd-with-locales.esm.js3094325 bytes10
mediumLarge Javascript Payloadpackage/dist/antd-with-locales.js2402880 bytes10
mediumLarge Javascript Payloadpackage/dist/antd.esm.js2730135 bytes10
mediumLarge Javascript Payloadpackage/dist/antd.js2087085 bytes10
lowObfuscationpackage/dist/button/buttonHelper.jsmatched "\\u4E00"3

Manifest

Package metadata

Scripts20
  • buildrun-s build:esm build:vite:parallel build:p
  • build:esmtsdown
  • build:full-esmvite build --config ./vite.esm.config.ts
  • build:llmrun-p build:llm-text build:llm-semantic
  • build:llm-semantictsx ./scripts/llm/generate-llms-semantic.ts
  • build:llm-texttsx ./scripts/llm/generate-llms.ts
  • build:prun-p build:web-types build:style
  • build:stylecross-env NODE_ENV=production tsx ./scripts/style/build-style.ts
  • build:tokenrun-p build:token-meta build:token-statistic
  • build:token-metatsx ./scripts/token/generate-token-meta.ts
  • build:token-statisticcross-env NODE_ENV=production CSSINJS_STATISTIC=1 tsx ./scripts/token/collect-token-statistic.ts
  • build:umdvite build
  • build:vite:parallelrun-p build:umd build:full-esm build:with-locales
  • build:web-typestsx ./scripts/web-types/index.ts
  • build:with-localesrun-p build:with-locales:esm build:with-locales:umd
  • build:with-locales:esmcross-env WITH_LOCALES_FORMAT=es vite build --config ./vite.with-locales.config.ts
  • build:with-locales:umdcross-env WITH_LOCALES_FORMAT=umd vite build --config ./vite.with-locales.config.ts
  • bumpbumpp --commit "chore(release): antdv-next %s" --push --tag "antdv-next@%s"
  • prepublishpnpm build
  • testvitest run
Dependencies47
  • @ant-design/colors^8.0.1
  • @ant-design/fast-color^3.0.1
  • @antdv-next/cssinjs^1.0.6
  • @antdv-next/icons^1.0.6
  • @v-c/async-validator^1.0.1
  • @v-c/cascader^1.1.0
  • @v-c/checkbox^1.0.1
  • @v-c/collapse^1.0.0
  • @v-c/color-picker^1.0.6
  • @v-c/dialog^1.1.0
  • @v-c/drawer^1.0.6
  • @v-c/dropdown^1.0.2
  • @v-c/image^1.0.12
  • @v-c/input^1.1.0
  • @v-c/input-number^1.0.5
  • @v-c/mentions^1.1.0
  • @v-c/menu^1.1.0
  • @v-c/mutate-observer^1.0.1
  • @v-c/notification^2.0.0
  • @v-c/pagination^1.0.0
  • @v-c/picker^1.1.0
  • @v-c/progress^1.0.0
  • @v-c/qrcode^1.0.0
  • @v-c/rate^1.0.1
  • @v-c/resize-observer^1.1.0
  • @v-c/segmented^1.0.2
  • @v-c/select^1.1.0
  • @v-c/slick^1.0.2
  • @v-c/slider^1.1.0
  • @v-c/steps^1.0.0
  • …and 17 more.