npm · registry.npmjs.org
@eeacms/volto-searchlib
Install Lifecycle Remote Or Exec: postinstall="node -e \"const fs=require('fs'); const path=require('path'); let file; try { file=path.join(path.dirname(require.resolve('@eeacms/volto-eea-chatbot/package.json')), 'src/ChatBlock/chat/AIMessage.tsx'); } catch (error) { process.exit(0); } const from=\\\"import visit from 'unist-util-visit';\\\"; const to=\\\"import { visit } from 'unist-util-visit';\\\"; const source=fs.readFileSync(file, 'utf8'); if (source.includes(from) && !source.includes(to)) { fs.writeFileSync(file, source.replace(from, to)); }\""
Why PkgRadar flagged 4.1.1
| Severity | Signal | Evidence |
|---|---|---|
| high | Install Lifecycle Remote Or Exec | postinstall="node -e \"const fs=require('fs'); const path=require('path'); let file; try { file=path.join(path.dirname(require.resolve('@eeacms/volto-eea-chatbot/package.json')), 'src/ChatBlock/chat/AIMessage.tsx'); } catch (error) { process.exit(0); } const from=\\\"import visit from 'unist-util-visit';\\\"; const to=\\\"import { visit } from 'unist-util-visit';\\\"; const source=fs.readFileSync(file, 'utf8'); if (source.includes(from) && !source.includes(to)) { fs.writeFileSync(file, source.replace(from, to)); }\"" · package.json |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
4.1.1 | High risk | 17 | 2026-06-10 |
4.0.3 | High risk | 17 | 2026-06-10 |
4.1.0 | High risk | 17 | 2026-06-10 |
Campaign attribution
Block this in CI
pkgradar gate --ecosystem npm @eeacms/[email protected]