Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Weekly downloads
- 212
- Versions published
- 13
- First published
- Mar 2026
- Publisher
- kwinkich
Recommended action
Review before promotingMixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
Install-time lifecycle script: postinstall="npm run prepare"
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk review · score 5 · status changed
Evidence
Static findings
2 static · 0 from release diff · showing high-signal first.
No high-signal findings — see all findings below.
Show all 2 findings (low-signal and informational)
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| low | Install-time lifecycle script | package.json | postinstall="npm run prepare" | 5 |
| low | Large Javascript Payload | package/dist/index-CGdYkZnB.js | 6943977 bytes | 0 |
Manifest
Package metadata
Scripts31
____________________BUILD AND RUN__________________________________________________________CODEGEN________________________________________________________________LINTING AND FORMATTING_________________________________________________OTHER__________________________________________________________________STORYBOOK______________________________________________________________TESTING___________________________________________buildnpx run-p check build:vitebuild:libyarn build:vite && npm publishbuild:vitevite buildchecknpx run-p lint:style lintextract-translationsnpx i18next 'src/**/*.{tsx,ts}' -c i18next-parser.config.tsgengraphql-codegen --require dotenv/config --config codegen.ymllinteslint .lint:fixnpm run lint -- --fixlint:stylestylelint "**/*.{css,scss}"lint:style:fixnpm run lint:style -- --fixpostinstallnpm run preparepreparehuskystartvitestart:prodvite previewstorybook:buildladle build --outDir storybook-buildstorybook:previewladle previewstorybook:serveladle servetest:devvitesttest:e2e:devplaywright test --uitest:e2e:prodplaywright testtest:e2e:recordnpx playwright codegentest:e2e:show-traceplaywright show-tracetest:prodvitest runts:checktsc --noEmit- …and 1 more.
Dependencies54
@radix-ui/react-dialog^1.1.2@radix-ui/react-icons^1.3.0@radix-ui/react-progress^1.1.0@radix-ui/react-select^2.1.2@radix-ui/react-slot^1.1.0@radix-ui/react-tooltip^1.1.6@reown/appkit^1.6.0@reown/appkit-adapter-solana^1.6.0@reown/appkit-adapter-wagmi^1.6.0@sentry/react^10.45.0@solana/wallet-adapter-base^0.9.23@solana/wallet-adapter-react^0.15.35@solana/wallet-adapter-react-ui^0.9.35@solana/wallet-adapter-trust^0.1.13@solana/wallet-adapter-wallets^0.19.32@solana/web3.js^1.95.4@tanstack/react-query5.77.2@tonconnect/ui-react2.0.9@wagmi/core2.17.2@wert-io/module-react-component^2.1.4@wert-io/widget-initializer^6.3.2autoprefixer^10.4.21class-variance-authority^0.7.0clsx^2.1.1copy-to-clipboard^3.3.3dayjs^1.11.13dotenv^16.4.5effector^23.2.3effector-react^23.2.1effector-storage^7.1.0- …and 24 more.