PkgRadar

npm · registry.npmjs.org

@across-protocol/sdk

Install-time lifecycle script: postinstall="node scripts/build-bigint-buffer.js"

Why PkgRadar flagged 4.4.0-alpha.1

SeveritySignalEvidence
highNew Lifecycle Script Vs Previouspostinstall added in 4.4.0-alpha.1 vs 4.3.165: "node scripts/build-bigint-buffer.js" · package.json

Scanned versions

VersionVerdictScoreScanned (UTC)
4.3.166Low risk02026-06-11
4.3.166-alpha.0Low risk02026-06-11
4.4.0-alpha.6Low risk02026-06-10
4.3.165Low risk02026-06-10
4.4.0-alpha.1High risk452026-06-10
4.4.0-alpha.2Review12026-06-10
4.3.165-beta.1Low risk02026-06-03
4.3.164Low risk02026-06-03
4.3.163Low risk02026-05-27
4.3.164-alpha.1Low risk02026-05-27
4.3.161Low risk02026-05-26
4.3.162Low risk02026-05-26
4.3.159Low risk02026-05-24
4.3.160Low risk02026-05-24

Related campaigns

Block this in CI

PkgRadar gates @across-protocol/sdk (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @across-protocol/[email protected]
Start free — 25 scans / moView full evidence
@across-protocol/sdk — npm security scan | PkgRadar