npm · registry.npmjs.org
@amazon-devices/appium-kepler-driver
Native Addon Gyp Action: binding.gyp runs a script or chains shell during node-gyp build (executes outside package.json lifecycle)
Why PkgRadar flagged 3.30.0
| Severity | Signal | Evidence |
|---|---|---|
| high | Native Addon Gyp Action | binding.gyp runs a script or chains shell during node-gyp build (executes outside package.json lifecycle) · package/node_modules/sharp/src/binding.gyp |
| medium | Remote Payload | matched "curl " · package/node_modules/opencv-bindings/fetch-opencv-js.sh |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
3.30.0 | High risk | 52 | 2026-06-17 |
3.31.0 | High risk | 52 | 2026-06-17 |
Campaign attribution
Related campaigns
- native_addon_gyp_action:binding.gyp runs a script or chains shell during node-gyp build (executes outside package.json lifecycle) — 101 releases, max score 147
- amazon-devices-admin — 5 releases, max score 75
Block this in CI
pkgradar gate --ecosystem npm @amazon-devices/[email protected]