PkgRadar

Package evidence

[email protected]

no findings

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads
31,113Mainstream · −50% score
Versions published
779Mature · −50% score
First published
Dec 2019
Publisher
louismazel

Effective trust discount applied: 50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["[email protected]"],"fail_on":"review"}'
Publisherlouismazel
Artifact bytes246,550
Previous version5.0.0-beta.27
Published2026-06-10T18:45:59.044Z
SHA-256eb1e678ddf621afffef401bfab799f8772ccd91dd438453f517d88aa2ac2cc24

Why flagged

What the scanner saw

No high-signal static finding in the saved report.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low
Last checked
lowRisk
0Score
5.0.0-beta.28Version
Status history (1 event)
  1. newavailable · risk low · score 0 · status changed

Evidence

Static findings

No findings stored for this release.

Manifest

Package metadata

Scripts16
  • buildvite build
  • build:analyzevite-node build/analyze-bundle.ts
  • build:watchvite build --watch --mode development
  • lintpnpm lint:js && pnpm lint:style
  • lint:fixpnpm lint:js:fix && pnpm lint:style:fix
  • lint:jscross-env NODE_ENV=production eslint
  • lint:js:fixpnpm lint:js --fix
  • lint:stylestylelint "./**/*.{vue,css,scss,postcss,pcss,html}"
  • lint:style:fixpnpm lint:style --fix
  • mazmaz
  • test:unitvitest run
  • test:unit:coveragevitest run --coverage
  • test:unit:coverage:mastervitest run --coverage --changed master
  • test:unit:coverage:watchvitest watch --coverage
  • test:unit:watchvitest watch
  • typecheckvue-tsc --noEmit --skipLibCheck
Dependencies10
  • @floating-ui/vue^1.1.11
  • @maz-ui/cli5.0.0-beta.28
  • @maz-ui/icons5.0.0-beta.25
  • @maz-ui/themes5.0.0-beta.28
  • @maz-ui/translations5.0.0-beta.28
  • @maz-ui/utils5.0.0-beta.28
  • chart.js^4.5.1
  • dayjs^1.11.20
  • libphonenumber-js^1.13.6
  • valibot^1.4.0