PkgRadar

npm · registry.npmjs.org

@0xmaxma/claude-gateway

Install Lifecycle Suppresses Failure: postinstall="if command -v bun >/dev/null 2>&1; then bun install --cwd mcp; else echo 'Warning: bun not found. Run `cd mcp && bun install` manually to enable MCP tools.'; fi"

Why PkgRadar flagged 1.2.10

SeveritySignalEvidence
highInstall Lifecycle Suppresses Failurepostinstall="if command -v bun >/dev/null 2>&1; then bun install --cwd mcp; else echo 'Warning: bun not found. Run `cd mcp && bun install` manually to enable MCP tools.'; fi" · package.json
mediumRemote Payloadmatched "raw.githubusercontent.com" · package/dist/apps/registry-client.js
mediumRemote Payloadmatched "api.telegram.org/bot" · package/mcp/tools/agent/handlers.ts
mediumRemote Payloadmatched "api.telegram.org/bot" · package/lib/pairing.ts

Scanned versions

VersionVerdictScoreScanned (UTC)
1.2.10High risk492026-06-13
1.2.8High risk492026-06-13
1.2.9High risk492026-06-13
1.2.7High risk492026-06-13
1.2.6High risk712026-06-13
1.3.4High risk492026-06-12
1.3.3High risk492026-06-11
1.3.2High risk492026-06-11
1.3.1High risk492026-06-11
1.3.0High risk492026-06-11
1.2.32High risk712026-06-11
1.2.31High risk492026-06-10
1.2.30High risk492026-06-10
1.2.29High risk712026-06-10
1.2.28High risk492026-06-10
1.2.5High risk492026-06-10
1.2.3High risk492026-06-10
1.2.2High risk492026-06-10
1.2.1High risk492026-06-10
1.2.24High risk492026-06-10
1.2.23High risk712026-06-10
1.2.19High risk492026-06-10
1.2.18High risk492026-06-10
1.2.17High risk492026-06-10
1.2.16High risk712026-06-10
1.2.15High risk712026-06-10
1.2.13High risk492026-06-10
1.2.12High risk712026-06-10
1.2.11High risk492026-06-10
1.1.10High risk292026-06-10
1.2.0High risk542026-06-10
1.2.27High risk492026-06-10
1.2.26High risk492026-06-10
1.2.25High risk492026-06-10

Block this in CI

PkgRadar gates @0xmaxma/claude-gateway (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @0xmaxma/[email protected]
Start free — 25 scans / moView full evidence