npm · registry.npmjs.org
@bgx4k3p/huly-mcp-server
Native Addon Gyp Action: binding.gyp runs a script or chains shell during node-gyp build (executes outside package.json lifecycle)
Why PkgRadar flagged 2.2.4
| Severity | Signal | Evidence |
|---|---|---|
| high | New Lifecycle Script Vs Previous | postinstall added in 2.2.4 vs 2.2.3: "node scripts/patch-sdk.mjs" · package.json |
| high | Native Addon Gyp Action | binding.gyp runs a script or chains shell during node-gyp build (executes outside package.json lifecycle) · package/node_modules/msgpackr-extract/binding.gyp |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
2.2.4 | High risk | 80 | 2026-06-10 |
2.4.3 | Low risk | 0 | 2026-06-02 |
2.4.1 | Low risk | 0 | 2026-05-29 |
2.4.2 | Low risk | 0 | 2026-05-29 |
2.3.0 | Review | 8 | 2026-05-28 |
2.4.0 | Review | 7 | 2026-05-28 |
2.2.5 | Review | 17 | 2026-05-24 |
Campaign attribution
Related campaigns
- native_addon_gyp_action:binding.gyp runs a script or chains shell during node-gyp build (executes outside package.json lifecycle) — 57 releases, max score 147
- install_lifecycle_script:postinstall="node scripts/patch-sdk.mjs" — 2 releases, max score 521
Block this in CI
pkgradar gate --ecosystem npm @bgx4k3p/[email protected]