JSPM

@cyberhub/trust-wavemaker-rn-codegen

1.0.2
  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 14
  • Score
    100M100P100Q82337F
  • License MIT

Security Trust Report: @wavemaker/rn-codegen@11.15.2-rc.64737 — 63/100 (C+, standard). Maintainer risk, supply chain analysis from 8 security databases.

Package Exports

    This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (@cyberhub/trust-wavemaker-rn-codegen) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

    Readme

    Security Trust Report: @wavemaker/rn-codegen

    @wavemaker/rn-codegen@11.15.2-rc.64737: 63/100 | Grade: C+ | Tier: STANDARD (confidence: ±3)

    Scanned on 2026-04-24 from 8 security databases. View package on npm →

    TL;DR

    • Package size increased 393% between versions (4.6MB → 17.9MB)
    • Pin your version and monitor for changes

    Score Breakdown

    Maintainer Trust:  █████████████████░░░ 83/100
Package Health:    █████████████░░░░░░░ 67/100
Supply Chain:      ████████░░░░░░░░░░░░ 41/100
Community:         █████████░░░░░░░░░░░ 43/100

    Why this score?

    • Supply Chain is 41 because: risky dependencies
    • Community is 43 because: no public GitHub repo linked (may be private or on another platform)

    Vulnerabilities

    ✅ No known vulnerabilities detected across 8 security databases.

    Key Risk Flags

    • 🔴 CRITICAL: Package size increased 393% between versions (4.6MB → 17.9MB)
    • 🟠 HIGH: Maintainer(s) removed in v11.8.0-rc.5618: sboyina, wavemaker_devops, wmdocs, nareshr (evidence)
    • 🟠 HIGH: Burst publishing detected — 5+ versions in a single day
    • 🟠 HIGH: Depends on historically compromised package: axios
    • 🟠 HIGH: 1 direct dependencies have known security issues

    🛠️ What Should You Do?

    Immediate:

    Always: Pin version, run pkgtrust scan in CI, monitor at nrupak.com/trust/@wavemaker/rn-codegen

    Maintainers (4)

    Methodology: 18+ signals across 4 categories (Maintainer 35%, Package 25%, Supply Chain 25%, Community 15%). Full scoring docs →

    Check your project: npm i -g @cyberhub/pkgtrust && pkgtrust scan @wavemaker/rn-codegenCLI docs Data Sources: GitHub Advisories · OSV.dev · npm audit · Snyk · Socket.dev · npms.io · Bundlephobia · deps.dev · CISA KEV · Packagephobia · OpenSSF Scorecard · Ecosyste.ms · GitHub Enhanced · Keybase · npm Provenance

    Report by pkgtrust · Dashboard · Compare · CLI

    This is an automated security report. Not affiliated with the @wavemaker/rn-codegen team. Updated 2026-04-24.