PkgRadar

Package evidence

[email protected]

Install-time lifecycle script: postinstall="patch-package"

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads
11,448Mainstream · −50% score
Versions published
378Mature · −50% score
First published
Aug 2014
Publisher
swagger-api

Effective trust discount applied: 50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Block this update

Static evidence trips multiple high-signal indicators. Quarantine the release until the publisher validates the change or you can rule out the indicators below.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["[email protected]"],"fail_on":"high"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["[email protected]"],"fail_on":"high"}'
Publisherswagger-api
Artifact bytes10,330,555
Previous version5.5.2
Published2026-06-02T09:59:24.861Z
SHA-256b5acaf23a7aa846b30901466f48bc92b6cfab3ed1118e933c8c1dad7408d1f85

Why flagged

What the scanner saw

New Lifecycle Script Vs Previous: postinstall added in 5.6.0 vs 5.5.2: "patch-package"

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

high
Last checked
highRisk
45Score
5.6.0Version
Status history (1 event)
  1. newavailable · risk high · score 45 · status changed

Evidence

Static findings

6 static · 1 from release diff · showing high-signal first.

SeverityKindPathDetailPoints
highNew Lifecycle Script Vs Previouspackage.jsonpostinstall added in 5.6.0 vs 5.5.2: "patch-package"40
Show all 7 findings (low-signal and informational)
SeverityKindPathDetailPoints
highNew Lifecycle Script Vs Previouspackage.jsonpostinstall added in 5.6.0 vs 5.5.2: "patch-package"40
lowInstall-time lifecycle scriptpackage.jsonpostinstall="patch-package"5
lowLarge Javascript Payloadpackage/dist/esm/apidom.worker.js6036939 bytes0
lowLarge Javascript Payloadpackage/dist/umd/apidom.worker.js5230141 bytes0
lowLarge Javascript Payloadpackage/dist/esm/asyncapi-parser.worker.js3056163 bytes0
lowLarge Javascript Payloadpackage/dist/umd/asyncapi-parser.worker.js2539020 bytes0
lowLarge Javascript Payloadpackage/dist/umd/swagger-editor.js15973529 bytes0

Manifest

Package metadata

Scripts24
  • buildnpm run build:app && npm run build:bundle:esm && npm run build:bundle:umd && npm run build:definitions
  • build:appcross-env NODE_OPTIONS=--max_old_space_size=8192 vite build --config vite.config.app.js
  • build:app:servevite preview --outDir build --port 3050
  • build:bundle:esmrimraf ./dist/esm && cross-env NODE_OPTIONS=--max_old_space_size=4096 node vite/scripts/build-bundle-esm.js && rimraf ./dist/esm/swagger-editor.css*
  • build:bundle:umdrimraf ./dist/umd ./dist/swagger-editor.css && cross-env NODE_OPTIONS=--max_old_space_size=4096 node vite/scripts/build-bundle-umd.js && copyfiles -u 2 ./dist/umd/swagger-editor.css ./dist && rimraf ./dist/umd/swagger-editor.css
  • build:definitionstsc -p tsconfig.json
  • cleanrimraf ./build ./dist
  • link:apidomnpm link @swagger-api/apidom-ast @swagger-api/apidom-core @swagger-api/apidom-error @swagger-api/apidom-json-path @swagger-api/apidom-json-pointer @swagger-api/apidom-ls @swagger-api/apidom-ns-api-design-systems @swagger-api/apidom-ns-asyncapi-2 @swagger-api/apidom-ns-json-schema-draft-4 @swagger-api/apidom-ns-json-schema-draft-6 @swagger-api/apidom-ns-json-schema-draft-7 @swagger-api/apidom-ns-openapi-2 @swagger-api/apidom-ns-openapi-3-0 @swagger-api/apidom-ns-openapi-3-1 @swagger-api/apidom-ns-openapi-3-2 @swagger-api/apidom-ns-openapi-3-2 @swagger-api/apidom-parser-adapter-api-design-systems-json @swagger-api/apidom-parser-adapter-api-design-systems-yaml @swagger-api/apidom-parser-adapter-asyncapi-json-2 @swagger-api/apidom-parser-adapter-asyncapi-yaml-2 @swagger-api/apidom-parser-adapter-json @swagger-api/apidom-parser-adapter-openapi-json-2 @swagger-api/apidom-parser-adapter-openapi-json-3-0 @swagger-api/apidom-parser-adapter-openapi-json-3-1 @swagger-api/apidom-parser-adapter-openapi-json-3-2 @swagger-api/apidom-parser-adapter-openapi-yaml-2 @swagger-api/apidom-parser-adapter-openapi-yaml-3-0 @swagger-api/apidom-parser-adapter-openapi-yaml-3-1 @swagger-api/apidom-parser-adapter-openapi-yaml-3-2 @swagger-api/apidom-parser-adapter-yaml-1-2 @swagger-api/apidom-parser @swagger-api/apidom-reference
  • link:apidom-lsnpm link @swagger-api/apidom-ls
  • linteslint . --ext .jsx,.js,.tsx,.ts
  • lint:fixeslint . --ext .jsx,.js,.tsx,.ts --fix
  • postinstallpatch-package
  • pw:ciplaywright test
  • pw:dev:servercross-env ENABLE_PROGRESS_PLUGIN=false vite --port 3000
  • pw:installplaywright install --with-deps chromium
  • pw:reportplaywright show-report test/playwright/report
  • pw:testplaywright test
  • pw:test:debugplaywright test --debug
  • pw:test:headedplaywright test --headed
  • pw:test:uiplaywright test --ui
  • startcross-env DISABLE_ESLINT_PLUGIN=false ENABLE_PROGRESS_PLUGIN=true vite
  • testvitest
  • test:coveragevitest run --coverage
  • test:runvitest run
Dependencies63
  • @asyncapi/avro-schema-parser3.0.24
  • @asyncapi/openapi-schema-parser3.0.24
  • @asyncapi/parser3.6.0
  • @asyncapi/protobuf-schema-parser3.6.0
  • @asyncapi/react-component3.1.1
  • @codingame/monaco-vscode-api=31.0.1
  • @emotion/react^11.14.0
  • @emotion/styled^11.14.0
  • @mui/material^5.16.9
  • @primer/octicons-react^19.15.2
  • @swagger-api/apidom-core1.11.1
  • @swagger-api/apidom-json-pointer1.11.1
  • @swagger-api/apidom-ls1.11.1
  • @swagger-api/apidom-ns-api-design-systems1.11.1
  • @swagger-api/apidom-ns-openapi-21.11.1
  • @swagger-api/apidom-ns-openapi-3-01.11.1
  • @swagger-api/apidom-ns-openapi-3-11.11.1
  • @swagger-api/apidom-ns-openapi-3-21.11.1
  • @swagger-api/apidom-parser-adapter-api-design-systems-json1.11.1
  • @swagger-api/apidom-parser-adapter-api-design-systems-yaml1.11.1
  • @swagger-api/apidom-parser-adapter-asyncapi-json-21.11.1
  • @swagger-api/apidom-parser-adapter-asyncapi-yaml-21.11.1
  • @swagger-api/apidom-parser-adapter-json1.11.1
  • @swagger-api/apidom-parser-adapter-openapi-json-21.11.1
  • @swagger-api/apidom-parser-adapter-openapi-json-3-01.11.1
  • @swagger-api/apidom-parser-adapter-openapi-json-3-11.11.1
  • @swagger-api/apidom-parser-adapter-openapi-json-3-21.11.1
  • @swagger-api/apidom-parser-adapter-openapi-yaml-21.11.1
  • @swagger-api/apidom-parser-adapter-openapi-yaml-3-01.11.1
  • @swagger-api/apidom-parser-adapter-openapi-yaml-3-11.11.1
  • …and 33 more.