PkgRadar

Package evidence

[email protected]

no findings

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Versions published
104
First published
May 2026
Publisher
spine-framework

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["[email protected]"],"fail_on":"review"}'
Publisherspine-framework
Artifact bytes486,245
Previous version0.3.35
Published2026-06-16T19:50:57.818Z
SHA-25620af5c0473ef037e5710a48a7d18dd08c55556abec0b77b3aaf7b462bfd16eea

Why flagged

What the scanner saw

No high-signal static finding in the saved report.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low
Last checked
lowRisk
0Score
0.3.36Version
Status history (1 event)
  1. newavailable · risk low · score 0 · status changed

Evidence

Static findings

No findings stored for this release.

Manifest

Package metadata

Scripts19
  • app-installtsx scripts/app-install-cli.ts
  • assemblebash scripts/assemble.sh
  • assemble:frontendbash scripts/assemble-frontend.sh
  • assemble:functionsbash scripts/assemble-functions.sh
  • buildtsc -b config/tsconfig.json && vite build --config config/vite.config.ts
  • devvite --config config/vite.config.ts
  • docstypedoc --entryPoints .framework/functions/_shared/index.ts --out docs/generated
  • linteslint .
  • load-testtsx scripts/load-test-app-install.ts
  • manifestbash scripts/build-manifest.sh
  • prebuildnpm run assemble && npm run verify
  • previewvite preview --config config/vite.config.ts
  • spine-frameworktsx .framework/cli/index.ts
  • testvitest run
  • test:boundarybash scripts/boundary-check.sh
  • test:corevitest run .framework/tests/unit/core-isolation.test.ts
  • test:integrationvitest run .framework/tests/integration
  • test:unitvitest run .framework/tests/unit
  • verifybash scripts/verify-integrity.sh
Dependencies75
  • @base-ui/react^1.4.1
  • @fontsource-variable/inter^5.2.8
  • @heroicons/react^2.2.0
  • @radix-ui/react-accordion^1.2.12
  • @radix-ui/react-avatar^1.1.3
  • @radix-ui/react-dialog^1.1.6
  • @radix-ui/react-dropdown-menu^2.1.6
  • @radix-ui/react-icons^1.3.2
  • @radix-ui/react-label^2.1.2
  • @radix-ui/react-popover^1.1.6
  • @radix-ui/react-select^2.1.6
  • @radix-ui/react-separator^1.1.2
  • @radix-ui/react-slider^1.3.6
  • @radix-ui/react-slot^1.1.2
  • @radix-ui/react-switch^1.1.3
  • @radix-ui/react-tabs^1.1.3
  • @radix-ui/react-toast^1.2.6
  • @radix-ui/react-tooltip^1.1.8
  • @supabase/supabase-js^2.49.1
  • @tanstack/react-query^5.95.2
  • @tiptap/extension-code-block-lowlight^3.20.0
  • @tiptap/extension-image^3.20.0
  • @tiptap/extension-link^3.20.0
  • @tiptap/extension-placeholder^3.20.0
  • @tiptap/extension-table^3.20.0
  • @tiptap/extension-table-cell^3.20.0
  • @tiptap/extension-table-header^3.20.0
  • @tiptap/extension-table-row^3.20.0
  • @tiptap/extension-youtube^3.20.0
  • @tiptap/pm^3.20.0
  • …and 45 more.