npm · registry.npmjs.org
@camunda8/cli
Install Lifecycle Remote Or Exec: prepare="git rev-parse --is-inside-work-tree >/dev/null 2>&1 && sh -c 'hp=$(git config --local --get core.hooksPath 2>/dev/null || true); if [ -z \"$hp\" ] || [ \"$hp\" = \".githooks\" ]; then git config --local core.hooksPath .githooks; else echo \"prepare: leaving existing core.hooksPath=$hp\"; fi' || true"
Why PkgRadar flagged 3.2.0-alpha.2
| Severity | Signal | Evidence |
|---|---|---|
| high | Install Lifecycle Remote Or Exec | prepare="git rev-parse --is-inside-work-tree >/dev/null 2>&1 && sh -c 'hp=$(git config --local --get core.hooksPath 2>/dev/null || true); if [ -z \"$hp\" ] || [ \"$hp\" = \".githooks\" ]; then git config --local core.hooksPath .githooks; else echo \"prepare: leaving existing core.hooksPath=$hp\"; fi' || true" · package.json |
| high | Install Lifecycle Suppresses Failure | prepare="git rev-parse --is-inside-work-tree >/dev/null 2>&1 && sh -c 'hp=$(git config --local --get core.hooksPath 2>/dev/null || true); if [ -z \"$hp\" ] || [ \"$hp\" = \".githooks\" ]; then git config --local core.hooksPath .githooks; else echo \"prepare: leaving existing core.hooksPath=$hp\"; fi' || true" · package.json |
| medium | Remote Payload | matched "raw.githubusercontent.com" · package/dist/default-plugins/element-template/c8ctl-plugin.js |
| medium | Remote Payload | matched "raw.githubusercontent.com" · package/dist/default-plugins/element-template/helpers.js |
| medium | Remote Payload | matched "raw.githubusercontent.com" · package/dist/default-plugins/element-template/marketplace.js |
| medium | Large Javascript Payload | 2368802 bytes · package/dist/vendor/bpmn-element-templates.cjs |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
3.2.0-alpha.10 | Low risk | 0 | 2026-06-04 |
3.2.0-alpha.9 | Low risk | 0 | 2026-06-04 |
3.2.0-alpha.8 | Low risk | 0 | 2026-06-03 |
3.2.0-alpha.7 | Low risk | 0 | 2026-05-31 |
3.2.0-alpha.6 | Low risk | 0 | 2026-05-30 |
3.2.0-alpha.5 | Low risk | 0 | 2026-05-30 |
3.2.0-alpha.4 | Low risk | 0 | 2026-05-29 |
3.2.0-alpha.2 | Review | 96 | 2026-05-25 |
3.2.0-alpha.3 | Review | 96 | 2026-05-25 |
Related campaigns
- install_lifecycle_suppresses_failure:prepare="git rev-parse --is-inside-work-tree >/dev/null 2>&1 && sh -c 'hp=$(git config --local --get core.hookspath 2>/dev/null || true); if [ -z \"$hp\" ] || [ \"$hp\" = \".githooks\" ]; then git config --local core.hookspath .githooks; else echo \"prepare: leaving existing core.hookspath=$hp\"; fi' || true" — 2 releases, max score 103
- install_lifecycle_remote_or_exec:prepare="git rev-parse --is-inside-work-tree >/dev/null 2>&1 && sh -c 'hp=$(git config --local --get core.hookspath 2>/dev/null || true); if [ -z \"$hp\" ] || [ \"$hp\" = \".githooks\" ]; then git config --local core.hookspath .githooks; else echo \"prepare: leaving existing core.hookspath=$hp\"; fi' || true" — 2 releases, max score 103
Block this in CI
pkgradar gate --ecosystem npm @camunda8/[email protected]