npm · registry.npmjs.org

@axinom/docusaurus-plugin-papersaurus

Install Lifecycle Remote Or Exec: preinstall="node -e \"const ua=process.env.npm_config_user_agent||'';if(!ua.startsWith('yarn')){console.error('Please use yarn to install dependencies (not npm or pnpm).');process.exit(1)}\""

Why PkgRadar flagged 1.1.1

Severity	Signal	Evidence
high	Install Lifecycle Remote Or Exec	preinstall="node -e \"const ua=process.env.npm_config_user_agent\|\|'';if(!ua.startsWith('yarn')){console.error('Please use yarn to install dependencies (not npm or pnpm).');process.exit(1)}\"" · package.json

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`1.1.1`	High risk	35	2026-06-13
`1.1.0`	High risk	75	2026-06-10
`1.0.1`	Low risk	0	2026-05-27

Campaign attribution

Part of the Clob dropper campaign.

Block this in CI

PkgRadar gates @axinom/docusaurus-plugin-papersaurus (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @axinom/[email protected]

Start free — 25 scans / mo View full evidence