Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Weekly downloads
- 685,737Ubiquitous · −70% score
- Versions published
- 892Mature · −50% score
- First published
- Jan 2016
- Publisher
- GitHub ActionsTrusted automation · −70% score
Effective trust discount applied: −70% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.
Recommended action
Review before promotingMixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
Obfuscation Density: high encoded/escaped-token density
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk review · score 3 · status changed
Evidence
Static findings
1 static · 0 from release diff · showing high-signal first.
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| medium | Obfuscation Density | package/npm-shrinkwrap.json | high encoded/escaped-token density | 12 |
Manifest
Package metadata
Scripts24
buildtsc -bbuild:docsappium-docs buildcleannpm run build -- --cleandevnpm run build -- --watchdev:docsappium-docs build --servee2e-testmocha --exit --timeout 10m "./test/functional/**/*-specs.ts"e2e-test:basicmocha "./test/functional/basic/**/*-specs.ts" --exit --timeout 10me2e-test:devicemocha "./test/functional/device/**/*-specs.ts" --exit --timeout 10me2e-test:drivermocha "./test/functional/driver/**/*-specs.ts" --exit --timeout 10me2e-test:longmocha "./test/functional/long/**/*-specs.ts" --exit --timeout 10me2e-test:native-web-tapmocha "./test/functional/web/safari-nativewebtap-e2e-specs.ts" --exit --timeout 10me2e-test:parallelmocha "./test/functional/parallel/**/*-specs.ts" --exit --timeout 10me2e-test:webmocha "./test/functional/web/**/*-specs.ts" --exit --timeout 10mformatprettier -w ./lib ./testformat:checkprettier --check ./lib ./testinstall-docs-depsappium-docs init --no-mkdocslinteslint .lint:commitcommitlintlint:fixnpm run lint -- --fixpreparenpm run rebuildpublish:docsappium-docs build --deploy --push -b docs-site -m 'docs: auto-build docs for appium-xcuitest-driver@%s' --alias latestrebuildnpm run clean; npm run buildstartappium --relaxed-security --port 4567 --keep-alive-timeout 1200testmocha --exit --timeout 1m "./test/unit/**/*-specs.ts"
Dependencies23
@appium/strongbox^1.0.0-rc.1@colors/colors^1.6.0appium-ios-device^3.1.12appium-ios-simulator^8.0.0appium-remote-debugger^15.7.3appium-webdriveragent^13.2.0appium-xcode^6.0.2async-lock^1.4.0asyncbox^6.3.0axios^1.4.0commander^14.0.1css-selector-parser^3.0.0js2xmlparser2^0.xlru-cache^11.1.0moment^2.29.4moment-timezone^0.xnode-devicectl^1.1.0node-simctl^8.1.1portscanner^2.2.0semver^7.5.4teen_process^4.0.4winston^3.17.0ws^8.13.0
Optional dependencies1
appium-ios-remotexpc^2.2.1