PkgRadar

Package evidence

[email protected]

no findings

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Versions published
359Mature · −50% score
First published
Mar 2013
Publisher
sebbo2002

Effective trust discount applied: 50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["[email protected]"],"fail_on":"review"}'
Publishersebbo2002
Artifact bytes20,764,251
Previous version1.0.2-1
Published2018-07-15T13:33:37.545Z
SHA-256f544d0184698e9285ae53e1fd23a7a437c2fce698796ed74470ae603d2fdd843

Why flagged

What the scanner saw

No high-signal static finding in the saved report.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low
Last checked
lowRisk
0Score
1.0.2-2Version
Status history (1 event)
  1. newavailable · risk low · score 0 · status changed

Evidence

Static findings

No findings stored for this release.

Manifest

Package metadata

Scripts13
  • allnpm run check && npm run visualize && npm run tests
  • browser-testwebpack && mkdir -p ./test-result/browser-test && cp ./test/html/index.html ./test-result/browser-test && cp ./node_modules/mocha/mocha.css ./test-result/browser-test && cp ./node_modules/jquery/dist/jquery.min.js ./test-result/browser-test && cp ./node_modules/mocha/mocha.js ./test-result/browser-test && cp ./node_modules/moment/moment.js ./test-result/browser-test && open ./test-result/browser-test/index.html
  • bump:developnpm run bump:reset:next && npm --no-git-tag-version version ${DEVELOP_BUMP:-prerelease}
  • bump:productionnpm run bump:reset && npm --no-git-tag-version version ${PRODUCTION_BUMP:-patch}
  • bump:resetexport MODULEVERSION=$(npm view ical-generator version) && npm run bump:reset:save
  • bump:reset:nextexport MODULEVERSION=$(npm view ical-generator@next version) && npm run bump:reset:save
  • bump:reset:saveecho $MODULEVERSION && npm --no-git-tag-version version ${MODULEVERSION}
  • checknpm run check:eslint
  • check:eslinteslint ./example ./src ./test/*.js
  • coveragenyc --reporter=html --reporter=text --report-dir ./test-result/coverage --check-coverage mocha -c ./test/*.js
  • testmocha -c --reporter mochawesome --reporter-options reportDir=test-result/test,reportFilename=report,json=false ./test/*.js
  • testsnpm run test && npm run coverage
  • visualizeplato -rt ical-generator -d ./code-visualization -e ./.eslintrc.json ./src/*.js
Dependencies1
  • moment-timezone^0.5.17