PkgRadar

Package evidence

[email protected]

no findings

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Versions published
283Mature · −50% score
First published
Dec 2020
Publisher
mobify

Effective trust discount applied: 50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["[email protected]"],"fail_on":"review"}'
Publishermobify
Artifact bytes951,024
Previous version5.1.0-unstable-20260608094020
Published2026-06-09T09:16:32.159Z
SHA-2568783834f9acc6f5f7d5a13214a7312cdb9c4b5e33bb11d1c0655b37e3d6d0784

Why flagged

What the scanner saw

No high-signal static finding in the saved report.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low
Last checked
lowRisk
0Score
5.1.0-unstable-20260609091300Version
Status history (1 event)
  1. newavailable · risk low · score 0 · status changed

Evidence

Static findings

No findings stored for this release.

Manifest

Package metadata

Scripts24
  • buildreact-scripts build
  • build:librollup -c
  • check:sizenpm-pack-all --output commerce-sdk-isomorphic-with-deps.tgz && bundlesize
  • check:typestsc --noEmit
  • cirm -rf node_modules && yarn install
  • cleanrm -rf build lib src/lib commerce-sdk-isomorphic-with-deps.tgz
  • depcheckdepcheck
  • diffApisraml-toolkit diff --dir ./temp/oldApis ./apis -f console -o temp/diffApis.txt -s oas
  • docyarn run generateVersionTable && yarn run doc:generate
  • doc:generatetypedoc --mode modules src/lib/** --external-modulemap ".*/src/lib/([\w]+)" --exclude "src/lib/index.ts"
  • ejectreact-scripts eject
  • fixyarn run lint -- --fix
  • fix:styleyarn run lint:style -- --fix
  • generateVersionTablets-node --compiler-options '{"module": "commonjs", "target": "ES6" }' ./scripts/generateVersionTable.ts
  • linteslint --ext js,jsx,ts,tsx .
  • lint:stylestylelint ./src/
  • preparesnyk protect
  • pretestyarn run lint && yarn run lint:style && depcheck && yarn run check:size
  • renderTemplatesPACKAGE_VERSION=$(node -p "require('./package.json').version") ts-node --compiler-options '{"module": "commonjs", "target": "ES6" }' ./scripts/generate-oas.ts
  • startHTTPS=true react-scripts start
  • testyarn run check:types && yarn run test:unit && CI=true yarn run test:react
  • test:reactreact-scripts test --env=jest-environment-jsdom-sixteen src/environment
  • test:unitjest --coverage --testPathIgnorePatterns node_modules src/environment --silent
  • updateApists-node --compiler-options '{"module": "commonjs", "target": "ES6" }' scripts/updateApis.ts && yarn diffApis
Dependencies3
  • nanoid^3.3.8
  • node-fetch2.6.13
  • seedrandom^3.0.5