npm · registry.npmjs.org

@devcortex/cli

Install Lifecycle Remote Or Exec: postinstall="node -e \"var fs=require('fs'),path=require('path');['dist/index.js','bin/dcx.cjs'].forEach(function(f){try{fs.chmodSync(path.join(__dirname,f),0o755)}catch(e){}});\" 2>/dev/null || true"

Why PkgRadar flagged 1.5.3

Severity	Signal	Evidence
high	New Lifecycle Script Vs Previous	postinstall added in 1.5.3 vs 1.5.1: "node -e \"var fs=require('fs'),path=require('path');['dist/index.js','bin/dcx.cjs'].forEach(function(f){try{fs.chmodSync(path.join(__dirname,f),0o755)}catch(e){}});\" 2>/dev/null \|\| true" · package.json
high	Install Lifecycle Remote Or Exec	postinstall="node -e \"var fs=require('fs'),path=require('path');['dist/index.js','bin/dcx.cjs'].forEach(function(f){try{fs.chmodSync(path.join(__dirname,f),0o755)}catch(e){}});\" 2>/dev/null \|\| true" · package.json
high	Install Lifecycle Suppresses Failure	postinstall="node -e \"var fs=require('fs'),path=require('path');['dist/index.js','bin/dcx.cjs'].forEach(function(f){try{fs.chmodSync(path.join(__dirname,f),0o755)}catch(e){}});\" 2>/dev/null \|\| true" · package.json

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`1.5.3`	High risk	95	2026-06-10
`1.7.1`	Review	1	2026-06-03
`1.6.0`	Review	1	2026-06-02
`1.7.0`	Review	1	2026-06-02
`1.5.4`	Review	1	2026-06-01
`1.5.1`	Low risk	0	2026-05-31
`1.3.8`	Low risk	0	2026-05-28
`1.4.0`	Low risk	0	2026-05-28

Campaign attribution

Part of the asteroiddao npm campaign campaign.

Block this in CI

PkgRadar gates @devcortex/cli (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @devcortex/[email protected]

Start free — 25 scans / mo View full evidence