npm · registry.npmjs.org

@breakedge/the-board-mcp-server

Install Lifecycle Remote Or Exec: postinstall="node -e \"try{require('fs').chmodSync('dist/index.js',0o755)}catch(e){}\""

Why PkgRadar flagged 0.1.2

Severity	Signal	Evidence
high	New Lifecycle Script Vs Previous	postinstall added in 0.1.2 vs 0.1.1: "node -e \"try{require('fs').chmodSync('dist/index.js',0o755)}catch(e){}\"" · package.json
high	Install Lifecycle Remote Or Exec	postinstall="node -e \"try{require('fs').chmodSync('dist/index.js',0o755)}catch(e){}\"" · package.json

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.1.3`	Review	10	2026-06-06
`0.1.2`	High risk	75	2026-06-06
`0.1.1`	Low risk	0	2026-06-06
`0.1.0`	Low risk	0	2026-06-06

Block this in CI

PkgRadar gates @breakedge/the-board-mcp-server (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @breakedge/[email protected]