{"package":"@nativescript-community/ui-pulltorefresh","ecosystem":"npm","latest_version":"2.5.3","description":"A NativeScript plugin to provide the Pull to Refresh control on any view.","license":"MIT","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"https://github.com/nativescript-community/ui-pulltorefresh","repository":"https://github.com/nativescript-community/ui-pulltorefresh","downloads_weekly":1974,"health":{"score":45,"risk":"high","breakdown":{"maintenance":0,"popularity":6,"security":25,"maturity":9,"community":5},"deprecated":false,"max_score":100},"vulnerabilities":{"count":0,"critical":0,"high":0,"medium":0,"low":0,"details":[]},"versions":{"latest":"2.5.3","total_count":7,"recent":["2.4.7","2.4.8","2.4.9","2.5.0","2.5.1","2.5.2","2.5.3"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":19,"first_published":"2021-07-01T08:22:58.778Z","last_published":"2023-01-24T15:52:48.248Z","dependencies_count":0,"dependencies":[]},"github_stats":null,"bundle":null,"typescript":{"score":10,"has_types":true,"types_source":"bundled","types_package":null},"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"use_with_caution","issues":["Moderate health score (45/100) — verify manually"],"use_version":"2.5.3","version_hint":null,"summary":"@nativescript-community/ui-pulltorefresh@2.5.3 low health (45/100) — consider alternatives"},"version_scoped":null,"_meta":{"endpoint":"check","tier":"full","philosophy":"DepScope is free. Use the cheapest endpoint that answers your real question.","cheaper_alternatives":[{"endpoint":"/api/exists/npm/%40nativescript-community%2Fui-pulltorefresh","tokens_estimated":12,"use_when":"you only need to know if the package exists (hallucination guard)"},{"endpoint":"/api/health/npm/%40nativescript-community%2Fui-pulltorefresh","tokens_estimated":80,"use_when":"you only need a 0-100 score for go/no-go (>=70 = safe)"},{"endpoint":"/api/prompt/npm/%40nativescript-community%2Fui-pulltorefresh","tokens_estimated":280,"use_when":"you want a plain-text LLM-friendly brief instead of JSON"},{"endpoint":"POST /api/check_bulk","tokens_estimated":60,"use_when":"you have 5+ packages to check; sends one round-trip instead of N"}],"docs":"https://depscope.dev/integrate"},"requested_version":null,"_cache":"miss","_response_ms":1516,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false,"advisory_id":"MAL-2025-47161","summary":"Malicious code in @nativescript-community/ui-pulltorefresh (npm)","action":"use_with_caution","affected_versions":["2.5.7","2.5.6","2.5.5","2.5.4"],"latest_version_safe":true,"note":"Advisory MAL-2025-47161: versions 2.5.7, 2.5.6, 2.5.5, 2.5.4 are compromised. Current latest (2.5.3) is safe."},"scorecard":{"available":false},"quality":{"available":false},"version_history_summary":{"total_versions":7,"first_release_age_days":1767,"last_release_days_ago":1194,"avg_days_between_releases":294,"release_velocity":"stale"}}