PkgRadar

Package evidence

[email protected]

Large Javascript Payload: 22886415 bytes

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads: 631
Versions published: 40
First published: Apr 2026
Publisher: stevenzxs

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Block this release in CI: curl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["[email protected]"],"fail_on":"review"}'

Publisher: stevenzxs
Artifact bytes: 7,650,084
Previous version: 0.2.10
Published: 2026-06-03T10:11:06.104Z
SHA-256: 3904be2d233e1b866fb45ad0b04cff30690a1da9723696979b1b4603aa4be876

Why flagged

What the scanner saw

Large Javascript Payload: 22886415 bytes

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low
Last checked
Risk: low
Score: 0
Version: 0.2.11

Status history (1 event)
  1. new · available · risk low · score 0 · status changed

Evidence

Static findings

3 static · 0 from release diff · showing high-signal first.

No high-signal findings — see all findings below.

All 3 findings (low-signal and informational):

| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| low | Large Javascript Payload | package/dist-lib/grapes-vue-lite.umd.cjs | 22886415 bytes | 0 |
| low | Large Javascript Payload | package/dist-lib/index-BFZ2_vlv.js | 8609232 bytes | 0 |
| low | Large Javascript Payload | package/dist-lib/index-DQ87fm5p.js | 10685418 bytes | 0 |

Manifest

Package metadata

Scripts: 15
  • bridge -> node scripts/local-command-bridge.mjs
  • build -> pnpm test:run && pnpm typecheck && pnpm build:app && pnpm build:lib && pnpm check:package
  • build:app -> vite build
  • build:lib -> vite build -c vite.lib.config.ts && vue-tsc -p tsconfig.lib.json && node scripts/fix-types.mjs
  • check:dist-import -> node scripts/check-dist-import.mjs
  • check:package -> node scripts/check-package.mjs
  • check:release -> pnpm build && pnpm check:dist-import && pnpm check:types-consumer && pnpm pack:dry-run
  • check:types-consumer -> node scripts/check-types-consumer.mjs && tsc -p node_modules/.tmp/type-consumer/tsconfig.json
  • dev -> node scripts/dev-with-bridge.mjs
  • dev:vite -> vite --host 127.0.0.1 --port 3003
  • pack:dry-run -> npm pack --dry-run --json --cache node_modules/.tmp/npm-cache
  • prepublishOnly -> pnpm build
  • preview -> vite preview --host 127.0.0.1
  • test:run -> node scripts/run-tests.mjs
  • typecheck -> vue-tsc -b