Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Weekly downloads
- 1,123,735Ubiquitous · −70% score
- Versions published
- 328Mature · −50% score
- First published
- Feb 2013
- Publisher
- swagger-api
Effective trust discount applied: −70% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.
Recommended action
Looks clean — keep monitoringNo high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
Large Javascript Payload: 2641387 bytes
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk low · score 0 · status changed
Evidence
Static findings
1 static · 0 from release diff · showing high-signal first.
No high-signal findings — see all findings below.
Show all 1 findings (low-signal and informational)
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| low | Large Javascript Payload | package/dist/swagger-client.browser.js | 2641387 bytes | 0 |
Manifest
Package metadata
Scripts18
buildrun-s build:umd:browser build:commonjs build:esbuild:commonjscross-env BABEL_ENV=commonjs babel src --out-dir libbuild:escross-env BABEL_ENV=es babel src --out-dir esbuild:umd:browsercross-env BABEL_ENV=browser webpack --progress --config config/webpack/browser.config.babel.jscleanrimraf ./dist ./lib ./es ./.deps_check ./coveragedeps:licenselicense-checker --production --csv --out $npm_package_config_deps_check_dir/licenses.csv && license-checker --development --csv --out $npm_package_config_deps_check_dir/licenses-dev.csvlink:apidomnpm link @swagger-api/apidom-core @swagger-api/apidom-reference @swagger-api/apidom-ns-openapi-3-1 @swagger-api/apidom-ns-openapi-3-0 @swagger-api/apidom-ns-json-schema-draft-4 @swagger-api/apidom-json-pointerlinteslint src/ test/lint:fixnpm run lint -- --fixprepublishOnlynpm run clean && npm run lint && npm run test && npm run build && node ./scripts/overrides.jstestrun-s test:unit:coverage test:artifacttest:artifactrun-s test:artifact:umd:browser test:artifact:es test:artifact:commonjstest:artifact:commonjsnpm run build:commonjs && cross-env BABEL_ENV=commonjs jest --config ./config/jest/jest.artifact-commonjs.config.jstest:artifact:esnpm run build:es && cross-env BABEL_ENV=commonjs jest --config ./config/jest/jest.artifact-es.config.jstest:artifact:umd:browsernpm run build:umd:browser && cross-env BABEL_ENV=browser jest --config ./config/jest/jest.artifact-umd-browser.config.jstest:unitcross-env BABEL_ENV=commonjs jest --runInBand --config ./config/jest/jest.unit.config.jstest:unit:coveragecross-env BABEL_ENV=commonjs jest --runInBand --config ./config/jest/jest.unit.coverage.config.jstest:unit:watchcross-env BABEL_ENV=commonjs jest --runInBand --watch --config ./config/jest/jest.unit.config.js
Dependencies13
@babel/runtime-corejs3^7.11.2cookie~0.5.0cross-fetch^3.1.5deepmerge~4.3.0fast-json-patch^3.0.0-1form-data-encoder^1.4.3formdata-node^4.0.0is-plain-object^5.0.0js-yaml^4.1.0lodash^4.17.21qs^6.10.2traverse~0.6.6url~0.11.0