PkgRadar

npm · registry.npmjs.org

@codevineai/cli

Install Lifecycle Remote Or Exec, Install-time lifecycle script, New Lifecycle Script Vs Previous

Why PkgRadar flagged 0.2.20260625193508

Severity  Signal                            Evidence
high      New Lifecycle Script Vs Previous  package.json
high      Install Lifecycle Remote Or Exec  package.json

Showing signal labels only.

Scanned versions

Version             Verdict    Score  Scanned (UTC)
0.2.20260625193508  High risk  75     2026-06-25
0.2.20260624192117  Low risk   0      2026-06-24
0.2.20260624172716  Low risk   0      2026-06-24
0.2.20260623160638  Low risk   0      2026-06-23
0.2.20260623013448  Low risk   0      2026-06-23
0.2.20260622212431  Low risk   0      2026-06-22
0.2.20260619172543  Low risk   0      2026-06-19
0.2.20260619005850  Low risk   0      2026-06-19
0.2.20260616171828  Low risk   0      2026-06-16
0.2.20260616031639  Low risk   0      2026-06-16
0.2.20260614220420  Low risk   0      2026-06-14
0.2.20260611162549  Low risk   0      2026-06-11
0.2.20260610203652  Low risk   0      2026-06-10
0.2.20260608153825  Low risk   0      2026-06-08
0.2.20260607153523  Low risk   0      2026-06-07
0.2.20260605220123  Low risk   0      2026-06-05
0.2.20260604143133  Low risk   0      2026-06-04
0.2.20260602194609  Low risk   0      2026-06-02
0.2.20260601190032  Low risk   0      2026-06-01
0.2.20260601192311  Low risk   0      2026-06-01
0.2.20260529154047  Low risk   0      2026-05-29
0.2.20260528193745  Low risk   0      2026-05-28
0.2.20260527160154  Low risk   0      2026-05-27
0.2.20260527182946  Low risk   0      2026-05-27
0.2.20260523235548  Low risk   0      2026-05-27
0.2.20260526222930  Low risk   0      2026-05-27

Campaign attribution

Part of the asteroiddao npm campaign.

Block this in CI

PkgRadar gates @codevineai/cli (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @codevineai/[email protected]