Package evidence

[email protected]

Large Javascript Payload: 11190394 bytes

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Versions published: 2,006Mature · −50% score
First published: Mar 2018
Publisher: saint3347

Effective trust discount applied: −50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Review before promoting

Mixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.

Inspect tarball Add to CI gate

Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["[email protected]"],"fail_on":"review"}'

Publishersaint3347

Artifact bytes4,783,234

Previous version2.0.32-beta.3

Published2026-05-28T06:38:35.220Z

SHA-25614e5950a985e6ec3b182aa3955288982789d453a176ea6594b84bb6c750fedb3

Why flagged

What the scanner saw

Large Javascript Payload: 11190394 bytes

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

review

20d agoLast checked

reviewRisk

3Score

2.0.32-beta.4Version

Status history (1 event)

new → available20d ago · risk review · score 3 · status changed

Evidence

Static findings

1 static · 0 from release diff · showing high-signal first.

Severity	Kind	Path	Detail	Points
medium	Large Javascript Payload	package/dist/shineout.js	11190394 bytes	10

Manifest

Package metadata

Scripts30

buildNODE_OPTIONS=--openssl-legacy-provider npm-run-all build-*
build-cleanrimraf publish .temp
build-cssnode scripts/build-css.js
build-distcross-env NODE_ENV=production webpack --config webpack/config.dist.js
build-dist-devcross-env NODE_ENV=development webpack --config webpack/config.dist.dev.js
build-es5node scripts/build-es5.js
build-esmnode scripts/build-esm.js
build-indexnode scripts/src-index.js
build-packagenode scripts/build-package.js
build-readmecp README.md publish/README.md
build-tsnode scripts/build-ts0.js
css-modulecross-env NODE_ENV=development LOCAL_IDENT_NAME=[local]-[hash:base64:5] node dev-server.js
cypress:opencross-env NODE_ENV=development cypress open
cypress:runcross-env NODE_ENV=development cypress run --browser chrome
docs-buildNODE_OPTIONS=--openssl-legacy-provider npm-run-all docs-build-*
docs-build-chunkcross-env NODE_ENV=production node scripts/dev-site.js
docs-build-cleannode scripts/gh-clean.js
docs-build-featuresnode scripts/build-features.js
docs-build-htmlnode scripts/build-html.js
docs-build-jsNODE_OPTIONS=--openssl-legacy-provider cross-env NODE_ENV=production webpack --config webpack/config.doc.js --display-error-details --verbose
docs-rc-buildcross-env LOG_ENV=rc npm-run-all docs-build-*
linteslint src/
releasenode scripts/publish.js
startNODE_OPTIONS=--openssl-legacy-provider cross-env NODE_ENV=development LOG_ENV=rc CASE_ENV=test node dev-server.js
start-sitecross-env NODE_ENV=development node dev-server.js
stylelintstylelint site/**/*.less --fix && stylelint src/**/*.less --fix
testcross-env NODE_ENV=test jest --config jest.config.js
test:covercross-env NODE_ENV=test jest --coverage
test:silentcross-env NODE_ENV=test jest --silent
test:updatejest -u

Dependencies8

@babel/runtime^7.14.6
classnames^2.3.2
date-fns2.28.0
date-fns-tz1.3.6
dayjs1.11.3
deep-eql^4.0.0
immer^4.0.0
uuid8.3.2