PkgRadar

npm · registry.npmjs.org

@adityaaria/spark

Install-time lifecycle script, New Lifecycle Script Vs Previous

Why PkgRadar flagged 6.1.0

SeveritySignalEvidence
highNew Lifecycle Script Vs Previous

Showing signal labels only. Sign in to view the exact matched indicators for each finding.

Scanned versions

VersionVerdictScoreScanned (UTC)
6.1.1Review52026-07-02
6.0.30Low risk02026-07-02
6.1.0High risk452026-07-02
6.0.28Low risk02026-07-02
6.0.27Low risk02026-07-02
6.0.26Low risk02026-07-01
6.0.25Low risk02026-07-01
6.0.24Low risk02026-07-01
6.0.23Low risk02026-07-01
6.0.22Low risk02026-07-01
6.0.21Low risk02026-07-01
6.0.20Low risk02026-07-01
6.0.19Low risk02026-07-01
6.0.18Low risk02026-07-01
6.0.17Low risk02026-07-01
6.0.16Low risk02026-07-01
6.0.15Low risk02026-06-30
6.0.14Low risk02026-06-30
6.0.13Low risk02026-06-30
6.0.12Low risk02026-06-30
6.0.11Low risk02026-06-30
6.0.10Low risk02026-06-30
6.0.8Low risk02026-06-30
6.0.9Low risk02026-06-30
6.0.7Low risk02026-06-30
6.0.6Low risk02026-06-30
6.0.5Low risk02026-06-30
6.0.3Low risk02026-06-30
6.0.4Low risk02026-06-30

Campaign attribution

Part of the asteroiddao npm campaign campaign.

Block this in CI

PkgRadar gates @adityaaria/spark (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @adityaaria/[email protected]
@adityaaria/spark — npm security scan | PkgRadar