Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Weekly downloads
- 40,980Mainstream · −50% score
- Versions published
- 181Mature · −50% score
- First published
- Feb 2021
- Publisher
- alekseymanetov
Effective trust discount applied: −50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.
Recommended action
Review before promotingMixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
Large Javascript Payload: 3777059 bytes
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk review · score 25 · status changed
Evidence
Static findings
5 static · 0 from release diff · showing high-signal first.
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| medium | Large Javascript Payload | package/dist/base-modeler.development.js | 3777059 bytes | 10 |
| medium | Large Javascript Payload | package/dist/camunda-cloud-modeler.development.js | 5657839 bytes | 10 |
| medium | Large Javascript Payload | package/dist/camunda-cloud-modeler.production.min.js | 2464722 bytes | 10 |
| medium | Large Javascript Payload | package/dist/camunda-platform-modeler.development.js | 5445114 bytes | 10 |
| medium | Large Javascript Payload | package/dist/camunda-platform-modeler.production.min.js | 2401122 bytes | 10 |
Manifest
Package metadata
Scripts22
allrun-s clean lint test generate-types distro test:distrocleandel-cli distdevnpm test -- --auto-watch --no-single-rundistrorollup -c --failAfterWarningsformatrun-s format:markdown 'lint -- --fix'format:markdownremark . -qogenerate-typesrun-s generate-types:*generate-types:generatedel-cli "lib/**/*.d.ts" && bio-dts -r --resolveJsonModule --esModuleInterop libgenerate-types:testtsc --noEmitlinteslint .preparerun-s clean distroprepublishOnlyrun-s generate-types test:distrostartnpm run start:cloudstart:basecross-env SINGLE_START=base-modeler npm run devstart:cloudcross-env SINGLE_START=camunda-cloud-modeler npm run devstart:cloud-navigated-viewercross-env SINGLE_START=camunda-cloud-navigated-viewer npm run devstart:cloud-viewercross-env SINGLE_START=camunda-cloud-viewer npm run devstart:platformcross-env SINGLE_START=camunda-platform-modeler npm run devstart:platform-navigated-viewercross-env SINGLE_START=camunda-platform-navigated-viewer npm run devstart:platform-viewercross-env SINGLE_START=camunda-platform-viewer npm run devtestkarma start karma.config.jstest:distronode tasks/test-distro.mjs
Dependencies22
@bpmn-io/align-to-origin^0.7.0@bpmn-io/element-template-chooser^2.1.0@bpmn-io/element-template-icon-renderer^1.0.0@bpmn-io/properties-panel^3.41.2@bpmn-io/variable-resolver^3.0.1@camunda/example-data-properties-provider^1.4.0bpmn-js^18.15.0bpmn-js-color-picker^0.7.2bpmn-js-copy-as-image^0.4.1bpmn-js-create-append-anything^1.2.0bpmn-js-element-templates^2.24.0bpmn-js-executable-fix^0.2.1bpmn-js-native-copy-paste^0.3.0camunda-bpmn-js-behaviors^1.14.1camunda-bpmn-moddle^7.0.1diagram-js^15.13.0diagram-js-grid^2.0.1diagram-js-minimap^5.3.0diagram-js-origin^1.4.0inherits-browser^0.1.0min-dash^5.0.0zeebe-bpmn-moddle^1.13.0