PkgRadar

Package evidence

[email protected]

no findings

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads
1,218,314Ubiquitous · −70% score
Versions published
168Mature · −50% score
First published
Jun 2013
Publisher
apk

Effective trust discount applied: 70% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["[email protected]"],"fail_on":"review"}'
Publisherapk
Artifact bytes574,223
Previous version3.1.0
Published2020-04-08T20:27:30.287Z
SHA-256c92c8b8e33b345da6586e4ccb5b4e0e8c8c05a229509fc913b9d246f6d8e2328

Why flagged

What the scanner saw

No high-signal static finding in the saved report.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low
Last checked
lowRisk
0Score
3.2.0Version
Status history (1 event)
  1. newavailable · risk low · score 0 · status changed

Evidence

Static findings

No findings stored for this release.

Manifest

Package metadata

Scripts25
  • allrun-s reset test cov:check doc:html
  • buildrun-s clean && run-p build:*
  • build:maintsc -p tsconfig.json
  • cleantrash build test
  • covrun-s build test:unit cov:html && opn coverage/index.html
  • cov:checknyc report && nyc check-coverage --lines 73 --functions 57 --branches 56
  • cov:htmlnyc report --reporter=lcov
  • docrun-s doc:html && opn build/docs/index.html
  • doc:htmltypedoc src/ --target ES6 --mode file --out build/docs --ignoreCompilerErrors
  • doc:jsontypedoc src/ --target ES6 --mode file --json build/docs/typedoc.json
  • doc:publishgh-pages -m "[ci skip] Updates" -d build/docs
  • fixrun-s fix:*
  • fix:prettierprettier "src/**/*.ts" --write
  • fix:tslinttslint --fix --project .
  • infonpm-scripts-info
  • preparenpm run snyk-protect
  • prepare-releaserun-s all version doc:publish
  • resetgit clean -dfx && git reset --hard && npm i
  • snyk-protectsnyk protect
  • testrun-s build test:*
  • test:cpdts-node ./src/cli.ts src
  • test:linttslint --project . && prettier "src/**/*.ts" --write
  • test:unitnyc --silent ava
  • versionstandard-version
  • watchrun-s clean build:main && run-p "build:main -- -w" "test:unit -- --watch"
Dependencies15
  • blamer^1.0.1
  • bytes^3.0.0
  • cli-table3^0.6.0
  • colors^1.3.2
  • commander^4.0.1
  • detect-installed^2.0.4
  • eventemitter3^4.0.0
  • exectimer^2.2.0
  • fast-glob^2.2.3
  • fs-extra^9.0.0
  • gitignore-to-glob^0.3.0
  • level^6.0.0
  • prismjs^1.15.0
  • pug^2.0.3
  • rimraf^3.0.0