npm · registry.npmjs.org

@exulu/backend

Install Lifecycle Remote Or Exec: preinstall="node -e \"if (process.version !== 'v22.18.0') { console.error('❌ Wrong Node.js version. Expected v22.18.0, got ' + process.version); process.exit(1); }\""

Why PkgRadar flagged 1.60.0

Severity	Signal	Evidence
high	Install Lifecycle Remote Or Exec	preinstall="node -e \"if (process.version !== 'v22.18.0') { console.error('❌ Wrong Node.js version. Expected v22.18.0, got ' + process.version); process.exit(1); }\"" · package.json
medium	Remote Payload	matched "curl " · package/ee/python/setup.sh

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`1.60.0`	High risk	26	2026-06-10
`1.58.0`	High risk	26	2026-06-10
`1.59.0`	High risk	26	2026-06-10
`1.66.0`	High risk	26	2026-06-10
`1.65.0`	High risk	26	2026-06-10
`1.64.0`	High risk	26	2026-06-10
`1.63.3`	High risk	26	2026-06-10
`1.63.2`	High risk	26	2026-06-10
`1.63.1`	High risk	26	2026-06-10
`1.63.0`	High risk	26	2026-06-10
`1.62.1`	High risk	26	2026-06-10
`1.62.0`	High risk	26	2026-06-10
`1.61.3`	High risk	26	2026-06-10
`1.61.2`	High risk	26	2026-06-10
`1.61.1`	High risk	26	2026-06-10
`1.61.0`	High risk	26	2026-06-10

Campaign attribution

Part of the Clob dropper campaign.

Block this in CI

PkgRadar gates @exulu/backend (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @exulu/[email protected]

Start free — 25 scans / mo View full evidence