PkgRadar

Package evidence

[email protected]

no findings

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads
1,218,314Ubiquitous · −70% score
Versions published
168Mature · −50% score
First published
Jun 2013
Publisher
apk

Effective trust discount applied: 70% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["[email protected]"],"fail_on":"review"}'
Publisherapk
Artifact bytes571,537
Previous version3.0.1
Published2020-03-11T09:31:03.291Z
SHA-256f3919a68372fe05f8e2e6ab5deb108772feed7713fbe39530b8990ec34e7f469

Why flagged

What the scanner saw

No high-signal static finding in the saved report.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low
Last checked
lowRisk
0Score
3.1.0Version
Status history (1 event)
  1. newavailable · risk low · score 0 · status changed

Evidence

Static findings

No findings stored for this release.

Manifest

Package metadata

Scripts25
  • allrun-s reset test cov:check doc:html
  • buildrun-s clean && run-p build:*
  • build:maintsc -p tsconfig.json
  • cleantrash build test
  • covrun-s build test:unit cov:html && opn coverage/index.html
  • cov:checknyc report && nyc check-coverage --lines 73 --functions 57 --branches 56
  • cov:htmlnyc report --reporter=lcov
  • docrun-s doc:html && opn build/docs/index.html
  • doc:htmltypedoc src/ --target ES6 --mode file --out build/docs --ignoreCompilerErrors
  • doc:jsontypedoc src/ --target ES6 --mode file --json build/docs/typedoc.json
  • doc:publishgh-pages -m "[ci skip] Updates" -d build/docs
  • fixrun-s fix:*
  • fix:prettierprettier "src/**/*.ts" --write
  • fix:tslinttslint --fix --project .
  • infonpm-scripts-info
  • preparenpm run snyk-protect
  • prepare-releaserun-s all version doc:publish
  • resetgit clean -dfx && git reset --hard && npm i
  • snyk-protectsnyk protect
  • testrun-s build test:*
  • test:cpdts-node ./src/cli.ts src
  • test:linttslint --project . && prettier "src/**/*.ts" --write
  • test:unitnyc --silent ava
  • versionstandard-version
  • watchrun-s clean build:main && run-p "build:main -- -w" "test:unit -- --watch"
Dependencies15
  • blamer^1.0.1
  • bytes^3.0.0
  • cli-table3^0.5.1
  • colors^1.3.2
  • commander^4.0.1
  • detect-installed^2.0.4
  • eventemitter3^4.0.0
  • exectimer^2.2.0
  • fast-glob^2.2.3
  • fs-extra^8.0.0
  • gitignore-to-glob^0.3.0
  • level^6.0.0
  • prismjs^1.15.0
  • pug^2.0.3
  • rimraf^3.0.0