Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Weekly downloads
- 3,868Niche · −30% score
- Versions published
- 920Mature · −50% score
- First published
- May 2022
- Publisher
- purecloud
Effective trust discount applied: −50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.
Recommended action
Looks clean — keep monitoringNo high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
Large Javascript Payload: 2146602 bytes
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk low · score 0 · status changed
Evidence
Static findings
2 static · 0 from release diff · showing high-signal first.
No high-signal findings — see all findings below.
Show all 2 findings (low-signal and informational)
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| low | Large Javascript Payload | package/dist/cjs/gux-visualization-beta.cjs.entry.js | 2146602 bytes | 0 |
| low | Large Javascript Payload | package/dist/esm/gux-visualization-beta.entry.js | 2146544 bytes | 0 |
Manifest
Package metadata
Scripts43
buildnpm run clean && npm run i18n && npm run generate-gux-icon-types-file && npm run stencil && npm run build-wrapperbuild-i18n./scripts/build-i18n.jsbuild-wrapper./scripts/wrap-stencil.jscheck-a11ynode ./scripts/check-a11y.jscheck-readmes./scripts/check-readmes.shcleanrm -r ./dist ./build || truecurrent-versioncross-var "echo $npm_package_version"devnpm run stencil.deveslinteslint --fix .generate-gux-icon-types-file./scripts/generate-gux-icon-types-file.jsgenerate-region-flags-sprite-file./scripts/generate-region-flags-sprite-file.jsgenerate-start-of-week-file./scripts/generate-start-of-week-file.jsgenerate-versions-file./scripts/generate-versions-file.mjsi18nnpm run update-en-i18n && npm run generate-start-of-week-file && npm run build-i18nlint-allnpm-run-all "eslint" "prettier" "prettier-package-json" "svgo"lint-stagedlint-stagedlist-checked-a11y-componentsnode scripts/list-checked-a11y-components.jslist-component-tracking./scripts/list-component-tracking.jslist-i18n-files./scripts/list-i18n-files.jslist-shadow-explicitly-set./scripts/list-shadow-explicitly-set.jspredevnpm run i18n && npm run generate-gux-icon-types-filepredev.publicnpm run predevpreparenpm run i18nprettierprettier --loglevel silent --ignore-unknown --write .prettier-package-jsonprettier-package-json --write ./package.jsonreleasestandard-versionstencilstencil build --prodstencil.devstencil build --dev --watch --docsstylelintstylelint --fix "**/*.{css,html,less}"svgosvgo -f ./src/components/stable/gux-icon/icons- …and 13 more.
Dependencies10
@floating-ui/dom^1.2.6@popperjs/core^2.11.7google-libphonenumber^3.2.32intl-messageformat^10.3.3requestanimationframe-timer^3.0.3sortablejs^1.15.0stencil-click-outside^1.8.0vega5.22.1vega-embed6.21.2vega-lite5.5.0