Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Weekly downloads
- 83
- Versions published
- 10
- First published
- Jan 2026
- Publisher
- huucuongyd
Recommended action
Review before promotingMixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
Large Javascript Payload: 2848146 bytes
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk review · score 76 · status changed
Evidence
Static findings
16 static · 0 from release diff · showing high-signal first.
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| medium | Large Javascript Payload | package/dist/maplibre-gl-csp-dev.js | 2848146 bytes | 10 |
| medium | Large Javascript Payload | package/dist/maplibre-gl-dev.js | 2992887 bytes | 10 |
| medium | Large Javascript Payload | package/dist/ndamap-gl-csp-dev.js | 2809835 bytes | 10 |
| medium | Large Javascript Payload | package/dist/ndamap-gl-dev.js | 2950001 bytes | 10 |
Show all 16 findings (low-signal and informational)
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| medium | Large Javascript Payload | package/dist/maplibre-gl-csp-dev.js | 2848146 bytes | 10 |
| medium | Large Javascript Payload | package/dist/maplibre-gl-dev.js | 2992887 bytes | 10 |
| medium | Large Javascript Payload | package/dist/ndamap-gl-csp-dev.js | 2809835 bytes | 10 |
| medium | Large Javascript Payload | package/dist/ndamap-gl-dev.js | 2950001 bytes | 10 |
| low | Obfuscation | package/dist/maplibre-gl-csp-worker.js | matched "\\u02EA" | 3 |
| low | Obfuscation | package/dist/maplibre-gl-csp.js | matched "\\u02EA" | 3 |
| low | Obfuscation | package/dist/maplibre-gl.js | matched "\\u02EA" | 3 |
| low | Obfuscation | package/dist/ndamap-gl-csp-worker-dev.js | matched "\\x00" | 3 |
| low | Obfuscation | package/dist/ndamap-gl-csp-worker.js | matched "\\u02EA" | 3 |
| low | Obfuscation | package/dist/ndamap-gl-csp.js | matched "\\u02EA" | 3 |
| low | Obfuscation | package/dist/ndamap-gl.js | matched "\\u02EA" | 3 |
| low | Obfuscation | package/src/util/resolve_tokens.test.ts | matched "\\ufff0" | 3 |
| low | Obfuscation | package/src/symbol/tagged_string.test.ts | matched "\\u200b" | 3 |
| low | Obfuscation | package/src/symbol/tagged_string.ts | matched "\\u200b" | 3 |
| low | Obfuscation | package/src/util/unicode_properties.g.ts | matched "\\u02EA" | 3 |
| low | Obfuscation | package/src/util/util.ts | matched "\\x00" | 3 |
Manifest
Package metadata
Scripts42
benchmarknode --no-warnings --experimental-transform-types test/bench/run-benchmarks.tsbuild-benchmarksnpm run build-dev && rollup --configPlugin @rollup/plugin-typescript -c test/bench/rollup_config_benchmarks.tsbuild-csprollup --configPlugin @rollup/plugin-typescript -c rollup.config.csp.ts --environment BUILD:productionbuild-csp-devrollup --configPlugin @rollup/plugin-typescript -c rollup.config.csp.ts --environment BUILD:devbuild-csspostcss -o dist/ndamap-gl.css src/css/maplibre-gl.cssbuild-devrollup --configPlugin @rollup/plugin-typescript -c rollup.config.ts --environment BUILD:devbuild-distnpm run build-css && npm run generate-unicode-data && npm run generate-typings && npm run generate-shaders && npm run build-dev && npm run build-csp-dev && npm run build-prod && npm run build-cspbuild-prodrollup --configPlugin @rollup/plugin-typescript -c rollup.config.ts --environment BUILD:productionbundle-statsrollup --configPlugin @rollup/plugin-typescript -c rollup.config.ts --environment BUILD:production,BUNDLE:statscodegenrun-p --print-label generate-dist-package generate-style-code generate-unicode-data generate-struct-arrays generate-shaders && npm run generate-typingsdocsnpm run generate-docs && docker run --rm -v ${PWD}:/docs squidfunk/mkdocs-material buildgenerate-dist-packagenode --no-warnings build/generate-dist-package.jsgenerate-docstypedoc && node --no-warnings --experimental-transform-types build/generate-docs.tsgenerate-imagesnode --no-warnings --experimental-transform-types build/generate-doc-images.tsgenerate-shadersnode --no-warnings --experimental-transform-types build/generate-shaders.tsgenerate-struct-arraystsx build/generate-struct-arrays.tsgenerate-style-codenode --no-warnings --experimental-transform-types build/generate-style-code.tsgenerate-typingsdts-bundle-generator --project tsconfig.codegen.json --export-referenced-types=false --umd-module-name=ndamapgl -o ./dist/ndamap-gl.d.ts ./src/index.tsgenerate-unicode-datanode --no-warnings --experimental-transform-types build/generate-unicode-data.tsgl-statsnode --no-warnings --experimental-transform-types test/bench/gl-stats.tslinteslintlint-cssstylelint **/*.css --fix -f verbosepreparenpm run codegenspellcheckcspellstartrun-p watch-css watch-dev start-serverstart-benchrun-p watch-css watch-benchmarks start-serverstart-docsdocker run --rm -it -p 8000:8000 -v ${PWD}:/docs squidfunk/mkdocs-materialstart-serverst --no-cache -H localhost --port 9966 .testrun-p lint lint-css test-render test-unit test-integration test-buildtest-buildvitest run --config vitest.config.build.ts- …and 12 more.
Dependencies22
@mapbox/geojson-rewind^0.5.2@mapbox/jsonlint-lines-primitives^2.0.2@mapbox/point-geometry^1.1.0@mapbox/tiny-sdf^2.0.7@mapbox/unitbezier^0.0.1@mapbox/vector-tile^2.0.4@mapbox/whoots-js^3.1.0@maplibre/geojson-vt^5.0.4@maplibre/maplibre-gl-style-spec^24.4.1@maplibre/mlt^1.1.2@maplibre/vt-pbf^4.2.1@types/geojson^7946.0.16@types/supercluster^7.1.3earcut^3.0.2gl-matrix^3.4.4kdbush^4.0.2murmurhash-js^1.0.0pbf^4.0.1potpack^2.1.0quickselect^3.0.0supercluster^8.0.1tinyqueue^3.0.0