npm · registry.npmjs.org
@ceraph/react-native-mcp
Install Lifecycle Remote Or Exec: postinstall="node -e \"try{var e=process.env;if(e.CI||e.CERAPH_SKIP_POSTINSTALL||require('fs').existsSync(process.cwd()+'/../../pnpm-workspace.yaml'))process.exit(0);process.stderr.write('\\n[@ceraph/react-native-mcp] installed. To finish setup run: npx @ceraph/react-native-mcp init\\n (MCP config, sign-in, the runtime-error hook, and your Mac LAN IP. Build/run/device tools work without it.)\\n\\n')}catch(_){}\""
Why PkgRadar flagged 0.4.1
| Severity | Signal | Evidence |
|---|---|---|
| high | New Lifecycle Script Vs Previous | postinstall added in 0.4.1 vs 0.3.3: "node -e \"try{var e=process.env;if(e.CI||e.CERAPH_SKIP_POSTINSTALL||require('fs').existsSync(process.cwd()+'/../../pnpm-workspace.yaml'))process.exit(0);process.stderr.write('\\n[@ceraph/react-native-mcp] installed. To finish setup run: npx @ceraph/react-native-mcp init\\n (MCP config, sign-in, the runtime-error hook, and your Mac LAN IP. Build/run/device tools work without it.)\\n\\n')}catch(_){}\"" · package.json |
| high | Install Lifecycle Remote Or Exec | postinstall="node -e \"try{var e=process.env;if(e.CI||e.CERAPH_SKIP_POSTINSTALL||require('fs').existsSync(process.cwd()+'/../../pnpm-workspace.yaml'))process.exit(0);process.stderr.write('\\n[@ceraph/react-native-mcp] installed. To finish setup run: npx @ceraph/react-native-mcp init\\n (MCP config, sign-in, the runtime-error hook, and your Mac LAN IP. Build/run/device tools work without it.)\\n\\n')}catch(_){}\"" · package.json |
| medium | New Account With Lifecycle Hook | package first published 35 day(s) ago, 7 total version(s), has lifecycle hook · package.json |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
0.4.1 | High risk | 80 | 2026-06-16 |
0.4.0 | High risk | 80 | 2026-06-16 |
0.3.3 | Low risk | 0 | 2026-06-11 |
0.3.2 | Low risk | 0 | 2026-06-11 |
0.3.1 | Low risk | 0 | 2026-06-11 |
0.3.0 | Low risk | 0 | 2026-06-11 |
0.2.0 | Low risk | 0 | 2026-06-09 |
0.2.2 | Low risk | 0 | 2026-06-09 |
0.2.1 | Low risk | 0 | 2026-06-09 |
Campaign attribution
Block this in CI
pkgradar gate --ecosystem npm @ceraph/[email protected]