PkgRadar

Package evidence

[email protected]

Large Javascript Payload: 2530400 bytes

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Versions published
328Mature · −50% score
First published
Feb 2013
Publisher
swagger-api

Effective trust discount applied: 50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["[email protected]"],"fail_on":"review"}'
Publisherswagger-api
Artifact bytes1,103,343
Previous version3.37.2
Published2026-04-27T11:58:01.779Z
SHA-25662d92dfe87667b2bc23adedcc0aefcef17f367d3ac04123a6be1d0337ec1213d

Why flagged

What the scanner saw

Large Javascript Payload: 2530400 bytes

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low
Last checked
lowRisk
0Score
3.37.3Version
Status history (1 event)
  1. newavailable · risk low · score 0 · status changed

Evidence

Static findings

1 static · 0 from release diff · showing high-signal first.

No high-signal findings — see all findings below.

Show all 1 findings (low-signal and informational)
SeverityKindPathDetailPoints
lowLarge Javascript Payloadpackage/dist/swagger-client.browser.js2530400 bytes0

Manifest

Package metadata

Scripts19
  • analyze:umd:browsersource-map-explorer 'dist/swagger-client.browser.min.js'
  • buildrun-s build:umd:browser build:commonjs build:es
  • build:commonjscross-env BABEL_ENV=commonjs babel src --out-dir lib
  • build:escross-env BABEL_ENV=es babel src --out-dir es
  • build:umd:browsercross-env BABEL_ENV=browser webpack --progress --config config/webpack/browser.config.babel.js
  • cleanrimraf ./dist ./lib ./es ./.deps_check ./coverage
  • deps:licenselicense-checker --production --csv --out $npm_package_config_deps_check_dir/licenses.csv && license-checker --development --csv --out $npm_package_config_deps_check_dir/licenses-dev.csv
  • link:apidomnpm link @swagger-api/apidom-core @swagger-api/apidom-error @swagger-api/apidom-reference @swagger-api/apidom-ns-openapi-2 @swagger-api/apidom-ns-openapi-3-0 @swagger-api/apidom-ns-openapi-3-1 @swagger-api/apidom-ns-openapi-3-2 @swagger-api/apidom-ns-json-schema-draft-4 @swagger-api/apidom-ns-json-schema-draft-6 @swagger-api/apidom-ns-json-schema-draft-7 @swagger-api/apidom-ns-json-schema-2019-09 @swagger-api/apidom-ns-json-schema-2020-12 @swagger-api/apidom-json-pointer
  • linteslint src/ test/
  • lint:fixnpm run lint -- --fix
  • prepublishOnlynpm run clean && npm run lint && npm run test && npm run build
  • testrun-s test:unit:coverage test:artifact
  • test:artifactrun-s test:artifact:umd:browser test:artifact:es test:artifact:commonjs
  • test:artifact:commonjsnpm run build:commonjs && cross-env BABEL_ENV=commonjs jest --config ./config/jest/jest.artifact-commonjs.config.js
  • test:artifact:esnpm run build:es && cross-env BABEL_ENV=commonjs jest --config ./config/jest/jest.artifact-es.config.js
  • test:artifact:umd:browsernpm run build:umd:browser && cross-env BABEL_ENV=browser jest --config ./config/jest/jest.artifact-umd-browser.config.js
  • test:unitcross-env BABEL_ENV=commonjs jest --runInBand --config ./config/jest/jest.unit.config.js
  • test:unit:coveragecross-env BABEL_ENV=commonjs jest --runInBand --config ./config/jest/jest.unit.coverage.config.js
  • test:unit:watchcross-env BABEL_ENV=commonjs jest --runInBand --watch --config ./config/jest/jest.unit.config.js
Dependencies19
  • @babel/runtime-corejs3^7.22.15
  • @scarf/scarf=1.4.0
  • @swagger-api/apidom-core^1.11.0
  • @swagger-api/apidom-error^1.11.0
  • @swagger-api/apidom-json-pointer^1.11.0
  • @swagger-api/apidom-ns-openapi-3-1^1.11.0
  • @swagger-api/apidom-ns-openapi-3-2^1.11.0
  • @swagger-api/apidom-reference^1.11.0
  • @swaggerexpert/cookie^2.0.2
  • deepmerge~4.3.0
  • fast-json-patch^3.0.0-1
  • js-yaml^4.1.0
  • neotraverse=0.6.18
  • node-abort-controller^3.1.1
  • node-fetch-commonjs^3.3.2
  • openapi-path-templating^2.2.1
  • openapi-server-url-templating^1.3.0
  • ramda^0.30.1
  • ramda-adjunct^5.1.0