PkgRadar

npm · registry.npmjs.org

@0x0r10n/forge-ai

Install Lifecycle Remote Or Exec: postinstall="node -e \"const fs=require('fs');const d='node_modules/react-devtools-core';if(!fs.existsSync(d)){try{fs.mkdirSync(d,{recursive:true});fs.writeFileSync(d+'/package.json',JSON.stringify({name:'react-devtools-core',version:'0.0.0',main:'index.js'}));fs.writeFileSync(d+'/index.js','module.exports={};');}catch(e){}}\""

Why PkgRadar flagged 1.0.2

SeveritySignalEvidence
highInstall Lifecycle Remote Or Execpostinstall="node -e \"const fs=require('fs');const d='node_modules/react-devtools-core';if(!fs.existsSync(d)){try{fs.mkdirSync(d,{recursive:true});fs.writeFileSync(d+'/package.json',JSON.stringify({name:'react-devtools-core',version:'0.0.0',main:'index.js'}));fs.writeFileSync(d+'/index.js','module.exports={};');}catch(e){}}\"" · package.json
highNew Account With Lifecycle Hookpackage first published 15 day(s) ago, 3 total version(s), has lifecycle hook · package.json

Scanned versions

VersionVerdictScoreScanned (UTC)
1.0.2High risk352026-06-10
1.0.1High risk352026-06-10

Block this in CI

PkgRadar gates @0x0r10n/forge-ai (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @0x0r10n/[email protected]
Start free — 25 scans / moView full evidence