npm · registry.npmjs.org

@dezycro-ai/agent-plugin

Install Lifecycle Suppresses Failure: postinstall="[ -f dist/cli/install.js ] && node dist/cli/install.js || true"

Why PkgRadar flagged 2.5.0

Severity	Signal	Evidence
high	Install Lifecycle Suppresses Failure	postinstall="[ -f dist/cli/install.js ] && node dist/cli/install.js \|\| true" · package.json
medium	New Account With Lifecycle Hook	package first published 12 day(s) ago, 9 total version(s), has lifecycle hook · package.json

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`2.5.0`	High risk	25	2026-06-12
`2.4.0`	High risk	25	2026-06-12
`2.3.1`	High risk	25	2026-06-11
`2.3.0`	High risk	25	2026-06-11
`2.2.0`	High risk	25	2026-06-10
`2.1.2`	Review	5	2026-06-06
`2.1.1`	Review	5	2026-06-03
`2.1.0`	Review	5	2026-06-02
`2.0.0`	Review	5	2026-05-31

Block this in CI

PkgRadar gates @dezycro-ai/agent-plugin (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @dezycro-ai/[email protected]