Package evidence

[email protected]

Large Javascript Payload: 2545340 bytes

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Versions published: 328Mature · −50% score
First published: Feb 2013
Publisher: swagger-api

Effective trust discount applied: −50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Looks clean — keep monitoring

No high-signal indicators in the stored static report. PkgRadar will re-check on the next ingest pass.

Inspect tarball Add to CI gate

Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["[email protected]"],"fail_on":"review"}'

Publisherswagger-api

Artifact bytes1,104,039

Previous version3.37.3

Published2026-05-07T13:41:27.194Z

SHA-256848ba0d47bef768b2290c1adf05e0564137005edccd8d3432b2e416cd06181bb

Why flagged

What the scanner saw

Large Javascript Payload: 2545340 bytes

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

low

15h agoLast checked

lowRisk

0Score

3.37.4Version

Status history (1 event)

new → available15h ago · risk low · score 0 · status changed

Evidence

Static findings

1 static · 0 from release diff · showing high-signal first.

No high-signal findings — see all findings below.

Show all 1 findings (low-signal and informational)

Severity	Kind	Path	Detail	Points
low	Large Javascript Payload	package/dist/swagger-client.browser.js	2545340 bytes	0

Manifest

Package metadata

Scripts19

analyze:umd:browsersource-map-explorer 'dist/swagger-client.browser.min.js'
buildrun-s build:umd:browser build:commonjs build:es
build:commonjscross-env BABEL_ENV=commonjs babel src --out-dir lib
build:escross-env BABEL_ENV=es babel src --out-dir es
build:umd:browsercross-env BABEL_ENV=browser webpack --progress --config config/webpack/browser.config.babel.js
cleanrimraf ./dist ./lib ./es ./.deps_check ./coverage
deps:licenselicense-checker --production --csv --out $npm_package_config_deps_check_dir/licenses.csv && license-checker --development --csv --out $npm_package_config_deps_check_dir/licenses-dev.csv
link:apidomnpm link @swagger-api/apidom-core @swagger-api/apidom-error @swagger-api/apidom-reference @swagger-api/apidom-ns-openapi-2 @swagger-api/apidom-ns-openapi-3-0 @swagger-api/apidom-ns-openapi-3-1 @swagger-api/apidom-ns-openapi-3-2 @swagger-api/apidom-ns-json-schema-draft-4 @swagger-api/apidom-ns-json-schema-draft-6 @swagger-api/apidom-ns-json-schema-draft-7 @swagger-api/apidom-ns-json-schema-2019-09 @swagger-api/apidom-ns-json-schema-2020-12 @swagger-api/apidom-json-pointer
linteslint src/ test/
lint:fixnpm run lint -- --fix
prepublishOnlynpm run clean && npm run lint && npm run test && npm run build
testrun-s test:unit:coverage test:artifact
test:artifactrun-s test:artifact:umd:browser test:artifact:es test:artifact:commonjs
test:artifact:commonjsnpm run build:commonjs && cross-env BABEL_ENV=commonjs jest --config ./config/jest/jest.artifact-commonjs.config.js
test:artifact:esnpm run build:es && cross-env BABEL_ENV=commonjs jest --config ./config/jest/jest.artifact-es.config.js
test:artifact:umd:browsernpm run build:umd:browser && cross-env BABEL_ENV=browser jest --config ./config/jest/jest.artifact-umd-browser.config.js
test:unitcross-env BABEL_ENV=commonjs jest --runInBand --config ./config/jest/jest.unit.config.js
test:unit:coveragecross-env BABEL_ENV=commonjs jest --runInBand --config ./config/jest/jest.unit.coverage.config.js
test:unit:watchcross-env BABEL_ENV=commonjs jest --runInBand --watch --config ./config/jest/jest.unit.config.js

Dependencies18

@babel/runtime-corejs3^7.22.15
@scarf/scarf=1.4.0
@swagger-api/apidom-core^1.11.0
@swagger-api/apidom-error^1.11.0
@swagger-api/apidom-json-pointer^1.11.0
@swagger-api/apidom-ns-openapi-3-1^1.11.0
@swagger-api/apidom-ns-openapi-3-2^1.11.0
@swagger-api/apidom-reference^1.11.0
@swaggerexpert/cookie^2.0.2
deepmerge~4.3.0
fast-json-patch^3.0.0-1
js-yaml^4.1.0
neotraverse=0.6.18
node-abort-controller^3.1.1
openapi-path-templating^2.2.1
openapi-server-url-templating^1.3.0
ramda^0.30.1
ramda-adjunct^5.1.0