Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Weekly downloads
- 465
- Versions published
- 326Established · −30% score
- First published
- Nov 2025
- Publisher
- ilovemacumba_
Effective trust discount applied: −30% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.
Recommended action
Review before promotingMixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
Large Javascript Payload: 10215540 bytes
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk review · score 14 · status changed
Evidence
Static findings
2 static · 0 from release diff · showing high-signal first.
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| medium | Large Javascript Payload | package/dist/bundle.cjs.js | 10215540 bytes | 10 |
| medium | Large Javascript Payload | package/dist/bundle.esm.js | 10220964 bytes | 10 |
Manifest
Package metadata
Scripts28
buildNODE_OPTIONS=--max-old-space-size=4096 rimraf dist && rollup -cbuild-storybookstorybook buildbuild:ciNODE_OPTIONS=--max-old-space-size=8192 BUILD_SOURCEMAP=false rimraf dist && rollup -cchangesetchangesetdevrollup -c -wformatprettier --write .linteslint srcpreparehusky installprepublishOnly[ "$CI" = 'true' ] && echo 'Skipping prepublish build (CI already built)' || npm run buildpush:qualitynode ./scripts/pre-push-quality-checks.mjspush:safenpm run push:qualityreleasechangeset publishstorybookstorybook dev -p 6006testjest --passWithNoTeststest:changednode ./scripts/run-changed-tests.mjstest:cijest --watch=false --passWithNoTeststest:ci:stableCI=true NODE_OPTIONS=--max-old-space-size=8192 jest --watch=false --passWithNoTests --runInBandtest:coveragejest --coverage --watchAll=falsetest:e2eplaywright testtest:e2e:headedplaywright test --headedtest:e2e:reportplaywright show-reporttest:e2e:uiplaywright test --uitest:pathjest --runTestsByPath --watch=false --passWithNoTeststest:relatedjest --findRelatedTests --watch=false --passWithNoTeststest:watchjest --watchtype-checktsc -p tsconfig.build.json --noEmittype-check:declarationsrimraf .declaration-check && tsc -p tsconfig.build.json --emitDeclarationOnly --declarationDir .declaration-check/types --outDir .declaration-check/distversion-packageschangeset version
Dependencies23
@emotion/react^11.12.0@emotion/styled^11.12.0@mui/icons-material^5.18.0@mui/material^5.18.0@mui/x-date-pickers^8.17.0@react-pdf/renderer^4.5.1@storybook/jest^0.2.3@storybook/testing-library^0.2.2@types/color^3.0.6@yudiel/react-qr-scanner^2.5.1color^4.2.3date-fns^4.1.0dayjs^1.11.10html2canvas^1.4.1immer^10.0.2jspdf^4.2.1lodash^4.17.21lucide-react^1.7.0msw-storybook-addon^2.0.5react-i18next^13.2.2react-imask^7.6.1react-input-mask^2.0.4zod^3.22.2