Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Weekly downloads
- 2,445Niche · −30% score
- Versions published
- 1,382Mature · −50% score
- First published
- Oct 2023
- Publisher
- act21_products
Effective trust discount applied: −50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.
Recommended action
Review before promotingMixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
Credential file access: matched "aws_access_key"
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk review · score 25 · status changed
Evidence
Static findings
22 static · 0 from release diff · showing high-signal first.
No high-signal findings — see all findings below.
Show all 22 findings (low-signal and informational)
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| low | Credential file access | package/src/i18n/locale/cs-CZ.json | matched "aws_access_key" | 3 |
| low | Credential file access | package/src/i18n/locale/da-DK.json | matched "aws_access_key" | 3 |
| low | Credential file access | package/src/i18n/locale/de-DE.json | matched "aws_access_key" | 3 |
| low | Credential file access | package/src/i18n/locale/el-GR.json | matched "aws_access_key" | 3 |
| low | Credential file access | package/src/i18n/locale/en-US.json | matched "aws_access_key" | 3 |
| low | Credential file access | package/src/i18n/locale/es-ES.json | matched "aws_access_key" | 3 |
| low | Credential file access | package/src/i18n/locale/fi-FI.json | matched "aws_access_key" | 3 |
| low | Credential file access | package/src/i18n/locale/fr-FR.json | matched "aws_access_key" | 3 |
| low | Credential file access | package/src/i18n/locale/it-IT.json | matched "aws_access_key" | 3 |
| low | Credential file access | package/src/i18n/locale/ja-JP.json | matched "aws_access_key" | 3 |
| low | Credential file access | package/src/i18n/locale/ko-KR.json | matched "aws_access_key" | 3 |
| low | Credential file access | package/src/i18n/locale/nl-NL.json | matched "aws_access_key" | 3 |
| low | Credential file access | package/src/i18n/locale/no-NO.json | matched "aws_access_key" | 3 |
| low | Credential file access | package/src/i18n/locale/pl-PL.json | matched "aws_access_key" | 3 |
| low | Credential file access | package/src/i18n/locale/pt-PT.json | matched "aws_access_key" | 3 |
| low | Credential file access | package/src/i18n/locale/ro-RO.json | matched "aws_access_key" | 3 |
| low | Credential file access | package/src/i18n/locale/ru-RU.json | matched "aws_access_key" | 3 |
| low | Credential file access | package/src/i18n/locale/sv-SE.json | matched "aws_access_key" | 3 |
| low | Credential file access | package/src/i18n/locale/uk-UA.json | matched "aws_access_key" | 3 |
| low | Credential file access | package/src/i18n/locale/zh-CN.json | matched "aws_access_key" | 3 |
| low | Large Javascript Payload | package/dist/impaktapps-ui-builder.umd.js | 7710897 bytes | 0 |
| low | Large Javascript Payload | package/dist/index-b203ecbb.js | 8943860 bytes | 0 |
Manifest
Package metadata
Scripts4
buildtsc && vite builddevvitelinteslint . --ext ts,tsx --report-unused-disable-directives --max-warnings 0previewvite preview
Dependencies59
@codemirror/autocomplete^6.4.0@codemirror/commands^6.1.3@codemirror/lang-html^6.4.0@codemirror/lang-javascript^6.1.2@codemirror/lang-json^6.0.1@codemirror/lang-sql^6.3.3@codemirror/lang-xml^6.0.1@codemirror/language^6.3.2@codemirror/lint^6.1.0@codemirror/search^6.2.3@codemirror/state^6.2.0@codemirror/view^6.7.2@emotion/react^11.11.1@emotion/styled^11.11.0@floating-ui/react^0.26.9@mui/icons-material^5.15.14@mui/material^5.14.3@reduxjs/toolkit^1.8.1@types/papaparse^5.3.9@types/react-router-dom^5.3.3@uiw/color-convert^2.1.1@uiw/react-color-sketch^2.1.1chroma-js^2.4.2color^4.2.3dayjs^1.11.10deep-diff^1.0.2framer-motion^10.15.0i18next^23.7.6i18next-browser-languagedetector^7.0.1install^0.13.0- …and 29 more.