Recommended action
Review before promotingMixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
Large Javascript Payload: 5102967 bytes
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk review · score 10 · status changed
Evidence
Static findings
1 static · 0 from release diff · showing high-signal first.
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| medium | Large Javascript Payload | package/.yarn/releases/yarn-1.22.19.cjs | 5102967 bytes | 10 |
Manifest
Package metadata
Scripts1
buildtsc --project utils.tsconfig.json
Dependencies54
@nuxtjs/axios^5.13.6@nuxtjs/composition-api^0.29.0@nuxtjs/device^2.1.0@nuxtjs/emotion^0.1.0@types/body^5.1.1@types/cookie-session^2.0.43@types/cors^2.8.12@types/fs-extra^9.0.12@types/parseurl^1.3.1@types/slug^5.0.2axios^0.21.1bluebird^3.7.2body^5.1.0body-parser^1.19.0busboy^0.3.1camelcase^6.2.0codemirror^5.46.0connect^3.7.0connect-multiparty^2.2.0consola^2.15.3cookie^0.4.1cookie-session^2.0.0-beta.3cors^2.8.5crypto-random-string^3.0.1error-to-html^0.1.0esm^3.2.25exe^1.0.2express^4.16.3express-mount-files^0.1.0fs-extra^10.0.0- …and 24 more.